active_stix 0.1.21

Files changed (289) hide show
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.md +28 -0
  4. data/Rakefile +32 -0
  5. data/app/assets/config/active_stix_manifest.js +2 -0
  6. data/app/assets/javascripts/active_stix/application.js +15 -0
  7. data/app/assets/javascripts/active_stix/artifacts.js +2 -0
  8. data/app/assets/javascripts/active_stix/attack_patterns.js +2 -0
  9. data/app/assets/javascripts/active_stix/bcc_refs.js +2 -0
  10. data/app/assets/javascripts/active_stix/bundled_objects.js +2 -0
  11. data/app/assets/javascripts/active_stix/bundles.js +2 -0
  12. data/app/assets/javascripts/active_stix/campaigns.js +2 -0
  13. data/app/assets/javascripts/active_stix/course_of_actions.js +2 -0
  14. data/app/assets/javascripts/active_stix/cyber_observables.js +2 -0
  15. data/app/assets/javascripts/active_stix/email_messages.js +2 -0
  16. data/app/assets/javascripts/active_stix/external_references.js +2 -0
  17. data/app/assets/javascripts/active_stix/files.js +2 -0
  18. data/app/assets/javascripts/active_stix/identities.js +2 -0
  19. data/app/assets/javascripts/active_stix/indicator_labels.js +2 -0
  20. data/app/assets/javascripts/active_stix/indicators.js +2 -0
  21. data/app/assets/javascripts/active_stix/intrusion_sets.js +2 -0
  22. data/app/assets/javascripts/active_stix/kill_chain_phases.js +2 -0
  23. data/app/assets/javascripts/active_stix/kill_chains.js +2 -0
  24. data/app/assets/javascripts/active_stix/malwares.js +2 -0
  25. data/app/assets/javascripts/active_stix/marking_definitions.js +2 -0
  26. data/app/assets/javascripts/active_stix/observed_data.js +2 -0
  27. data/app/assets/javascripts/active_stix/open_vocabularies.js +2 -0
  28. data/app/assets/javascripts/active_stix/phases.js +2 -0
  29. data/app/assets/javascripts/active_stix/recipients.js +2 -0
  30. data/app/assets/javascripts/active_stix/relationships.js +2 -0
  31. data/app/assets/javascripts/active_stix/reports.js +2 -0
  32. data/app/assets/javascripts/active_stix/threat_actors.js +2 -0
  33. data/app/assets/javascripts/active_stix/tools.js +2 -0
  34. data/app/assets/javascripts/active_stix/urls.js +2 -0
  35. data/app/assets/javascripts/active_stix/users.js +2 -0
  36. data/app/assets/stylesheets/active_stix/application.css +15 -0
  37. data/app/assets/stylesheets/active_stix/artifacts.css +4 -0
  38. data/app/assets/stylesheets/active_stix/attack_patterns.css +4 -0
  39. data/app/assets/stylesheets/active_stix/bcc_refs.css +4 -0
  40. data/app/assets/stylesheets/active_stix/bundled_objects.css +4 -0
  41. data/app/assets/stylesheets/active_stix/bundles.css +4 -0
  42. data/app/assets/stylesheets/active_stix/campaigns.css +4 -0
  43. data/app/assets/stylesheets/active_stix/course_of_actions.css +4 -0
  44. data/app/assets/stylesheets/active_stix/cyber_observables.css +4 -0
  45. data/app/assets/stylesheets/active_stix/email_messages.css +4 -0
  46. data/app/assets/stylesheets/active_stix/external_references.css +4 -0
  47. data/app/assets/stylesheets/active_stix/files.css +4 -0
  48. data/app/assets/stylesheets/active_stix/identities.css +4 -0
  49. data/app/assets/stylesheets/active_stix/indicator_labels.css +4 -0
  50. data/app/assets/stylesheets/active_stix/indicators.css +4 -0
  51. data/app/assets/stylesheets/active_stix/intrusion_sets.css +4 -0
  52. data/app/assets/stylesheets/active_stix/kill_chain_phases.css +4 -0
  53. data/app/assets/stylesheets/active_stix/kill_chains.css +4 -0
  54. data/app/assets/stylesheets/active_stix/malwares.css +4 -0
  55. data/app/assets/stylesheets/active_stix/marking_definitions.css +4 -0
  56. data/app/assets/stylesheets/active_stix/observed_data.css +4 -0
  57. data/app/assets/stylesheets/active_stix/open_vocabularies.css +4 -0
  58. data/app/assets/stylesheets/active_stix/phases.css +4 -0
  59. data/app/assets/stylesheets/active_stix/recipients.css +4 -0
  60. data/app/assets/stylesheets/active_stix/relationships.css +4 -0
  61. data/app/assets/stylesheets/active_stix/reports.css +4 -0
  62. data/app/assets/stylesheets/active_stix/threat_actors.css +4 -0
  63. data/app/assets/stylesheets/active_stix/tools.css +4 -0
  64. data/app/assets/stylesheets/active_stix/urls.css +4 -0
  65. data/app/assets/stylesheets/active_stix/users.css +4 -0
  66. data/app/assets/stylesheets/scaffold.css +80 -0
  67. data/app/controllers/active_stix/application_controller.rb +5 -0
  68. data/app/controllers/active_stix/artifacts_controller.rb +62 -0
  69. data/app/controllers/active_stix/attack_patterns_controller.rb +27 -0
  70. data/app/controllers/active_stix/bcc_refs_controller.rb +62 -0
  71. data/app/controllers/active_stix/bundled_objects_controller.rb +62 -0
  72. data/app/controllers/active_stix/bundles_controller.rb +11 -0
  73. data/app/controllers/active_stix/campaigns_controller.rb +74 -0
  74. data/app/controllers/active_stix/course_of_actions_controller.rb +62 -0
  75. data/app/controllers/active_stix/cyber_observables_controller.rb +62 -0
  76. data/app/controllers/active_stix/email_addresses_controller.rb +74 -0
  77. data/app/controllers/active_stix/email_messages_controller.rb +26 -0
  78. data/app/controllers/active_stix/external_references_controller.rb +62 -0
  79. data/app/controllers/active_stix/files_controller.rb +74 -0
  80. data/app/controllers/active_stix/identities_controller.rb +128 -0
  81. data/app/controllers/active_stix/indicator_labels_controller.rb +62 -0
  82. data/app/controllers/active_stix/indicators_controller.rb +62 -0
  83. data/app/controllers/active_stix/intrusion_sets_controller.rb +62 -0
  84. data/app/controllers/active_stix/kill_chain_phases_controller.rb +62 -0
  85. data/app/controllers/active_stix/kill_chains_controller.rb +62 -0
  86. data/app/controllers/active_stix/malwares_controller.rb +62 -0
  87. data/app/controllers/active_stix/marking_definitions_controller.rb +62 -0
  88. data/app/controllers/active_stix/observed_data_controller.rb +62 -0
  89. data/app/controllers/active_stix/open_vocabularies_controller.rb +62 -0
  90. data/app/controllers/active_stix/phases_controller.rb +62 -0
  91. data/app/controllers/active_stix/recipients_controller.rb +62 -0
  92. data/app/controllers/active_stix/relationships_controller.rb +62 -0
  93. data/app/controllers/active_stix/reports_controller.rb +62 -0
  94. data/app/controllers/active_stix/threat_actors_controller.rb +75 -0
  95. data/app/controllers/active_stix/tools_controller.rb +62 -0
  96. data/app/controllers/active_stix/urls_controller.rb +62 -0
  97. data/app/controllers/active_stix/user_accounts_controller.rb +74 -0
  98. data/app/controllers/active_stix/users_controller.rb +62 -0
  99. data/app/helpers/active_stix/application_helper.rb +4 -0
  100. data/app/helpers/active_stix/artifacts_helper.rb +4 -0
  101. data/app/helpers/active_stix/attack_patterns_helper.rb +4 -0
  102. data/app/helpers/active_stix/bcc_refs_helper.rb +4 -0
  103. data/app/helpers/active_stix/bundled_objects_helper.rb +4 -0
  104. data/app/helpers/active_stix/bundles_helper.rb +4 -0
  105. data/app/helpers/active_stix/campaigns_helper.rb +4 -0
  106. data/app/helpers/active_stix/course_of_actions_helper.rb +4 -0
  107. data/app/helpers/active_stix/cyber_observables_helper.rb +4 -0
  108. data/app/helpers/active_stix/email_messages_helper.rb +4 -0
  109. data/app/helpers/active_stix/external_references_helper.rb +4 -0
  110. data/app/helpers/active_stix/files_helper.rb +4 -0
  111. data/app/helpers/active_stix/identities_helper.rb +4 -0
  112. data/app/helpers/active_stix/indicator_labels_helper.rb +4 -0
  113. data/app/helpers/active_stix/indicators_helper.rb +4 -0
  114. data/app/helpers/active_stix/intrusion_sets_helper.rb +4 -0
  115. data/app/helpers/active_stix/kill_chain_phases_helper.rb +4 -0
  116. data/app/helpers/active_stix/kill_chains_helper.rb +4 -0
  117. data/app/helpers/active_stix/malwares_helper.rb +4 -0
  118. data/app/helpers/active_stix/marking_definitions_helper.rb +4 -0
  119. data/app/helpers/active_stix/observed_data_helper.rb +4 -0
  120. data/app/helpers/active_stix/open_vocabularies_helper.rb +4 -0
  121. data/app/helpers/active_stix/phases_helper.rb +4 -0
  122. data/app/helpers/active_stix/recipients_helper.rb +4 -0
  123. data/app/helpers/active_stix/relationships_helper.rb +4 -0
  124. data/app/helpers/active_stix/reports_helper.rb +4 -0
  125. data/app/helpers/active_stix/threat_actors_helper.rb +4 -0
  126. data/app/helpers/active_stix/tools_helper.rb +4 -0
  127. data/app/helpers/active_stix/urls_helper.rb +4 -0
  128. data/app/helpers/active_stix/users_helper.rb +4 -0
  129. data/app/jobs/active_stix/application_job.rb +4 -0
  130. data/app/mailers/active_stix/application_mailer.rb +6 -0
  131. data/app/models/active_stix/application_record.rb +5 -0
  132. data/app/models/active_stix/artifact.rb +23 -0
  133. data/app/models/active_stix/attack_pattern.rb +150 -0
  134. data/app/models/active_stix/bcc_ref.rb +6 -0
  135. data/app/models/active_stix/bundle.rb +108 -0
  136. data/app/models/active_stix/bundled_object.rb +4 -0
  137. data/app/models/active_stix/campaign.rb +65 -0
  138. data/app/models/active_stix/cc_ref.rb +6 -0
  139. data/app/models/active_stix/course_of_action.rb +54 -0
  140. data/app/models/active_stix/cyber_observable.rb +4 -0
  141. data/app/models/active_stix/email_address.rb +27 -0
  142. data/app/models/active_stix/email_message.rb +339 -0
  143. data/app/models/active_stix/external_reference.rb +48 -0
  144. data/app/models/active_stix/file.rb +2 -0
  145. data/app/models/active_stix/identity.rb +141 -0
  146. data/app/models/active_stix/indicator.rb +58 -0
  147. data/app/models/active_stix/indicator_label.rb +4 -0
  148. data/app/models/active_stix/intrusion_set.rb +69 -0
  149. data/app/models/active_stix/kill_chain.rb +7 -0
  150. data/app/models/active_stix/kill_chain_phase.rb +6 -0
  151. data/app/models/active_stix/label.rb +17 -0
  152. data/app/models/active_stix/label_malware.rb +4 -0
  153. data/app/models/active_stix/label_report.rb +4 -0
  154. data/app/models/active_stix/label_tool.rb +4 -0
  155. data/app/models/active_stix/malware.rb +98 -0
  156. data/app/models/active_stix/marking_definition.rb +21 -0
  157. data/app/models/active_stix/markup.rb +6 -0
  158. data/app/models/active_stix/object_marking.rb +11 -0
  159. data/app/models/active_stix/observed_datum.rb +67 -0
  160. data/app/models/active_stix/open_vocabulary.rb +8 -0
  161. data/app/models/active_stix/phase.rb +41 -0
  162. data/app/models/active_stix/recipient.rb +4 -0
  163. data/app/models/active_stix/reference_item.rb +4 -0
  164. data/app/models/active_stix/relationship.rb +95 -0
  165. data/app/models/active_stix/report.rb +93 -0
  166. data/app/models/active_stix/report_object.rb +9 -0
  167. data/app/models/active_stix/threat_actor.rb +139 -0
  168. data/app/models/active_stix/to_ref.rb +6 -0
  169. data/app/models/active_stix/tool.rb +112 -0
  170. data/app/models/active_stix/url.rb +15 -0
  171. data/app/models/active_stix/user.rb +4 -0
  172. data/app/models/active_stix/user_account.rb +3 -0
  173. data/app/views/active_stix/artifacts/_form.html.erb +57 -0
  174. data/app/views/active_stix/artifacts/edit.html.erb +6 -0
  175. data/app/views/active_stix/artifacts/index.html.erb +41 -0
  176. data/app/views/active_stix/artifacts/new.html.erb +5 -0
  177. data/app/views/active_stix/artifacts/show.html.erb +44 -0
  178. data/app/views/active_stix/attack_patterns/_form.html.erb +37 -0
  179. data/app/views/active_stix/attack_patterns/edit.html.erb +2 -0
  180. data/app/views/active_stix/attack_patterns/index.html.erb +2 -0
  181. data/app/views/active_stix/attack_patterns/new.html.erb +2 -0
  182. data/app/views/active_stix/attack_patterns/show.html.erb +140 -0
  183. data/app/views/active_stix/bcc_refs/_form.html.erb +27 -0
  184. data/app/views/active_stix/bcc_refs/edit.html.erb +6 -0
  185. data/app/views/active_stix/bcc_refs/index.html.erb +29 -0
  186. data/app/views/active_stix/bcc_refs/new.html.erb +5 -0
  187. data/app/views/active_stix/bcc_refs/show.html.erb +14 -0
  188. data/app/views/active_stix/bundles/index.html.erb +1 -0
  189. data/app/views/active_stix/bundles/show.html.erb +7 -0
  190. data/app/views/active_stix/campaigns/_form.html.erb +42 -0
  191. data/app/views/active_stix/campaigns/_stix_campaign.json.jbuilder +2 -0
  192. data/app/views/active_stix/campaigns/edit.html.erb +6 -0
  193. data/app/views/active_stix/campaigns/index.html.erb +35 -0
  194. data/app/views/active_stix/campaigns/index.json.jbuilder +1 -0
  195. data/app/views/active_stix/campaigns/new.html.erb +5 -0
  196. data/app/views/active_stix/campaigns/show.html.erb +29 -0
  197. data/app/views/active_stix/campaigns/show.json.jbuilder +1 -0
  198. data/app/views/active_stix/email_messages/_form.html.erb +62 -0
  199. data/app/views/active_stix/email_messages/_stix_email_message.json.jbuilder +2 -0
  200. data/app/views/active_stix/email_messages/edit.html.erb +6 -0
  201. data/app/views/active_stix/email_messages/index.html.erb +43 -0
  202. data/app/views/active_stix/email_messages/index.json.jbuilder +1 -0
  203. data/app/views/active_stix/email_messages/new.html.erb +5 -0
  204. data/app/views/active_stix/email_messages/show.html.erb +165 -0
  205. data/app/views/active_stix/email_messages/show.json.jbuilder +1 -0
  206. data/app/views/active_stix/files/_form.html.erb +92 -0
  207. data/app/views/active_stix/files/_stix_file.json.jbuilder +2 -0
  208. data/app/views/active_stix/files/edit.html.erb +6 -0
  209. data/app/views/active_stix/files/index.html.erb +55 -0
  210. data/app/views/active_stix/files/index.json.jbuilder +1 -0
  211. data/app/views/active_stix/files/new.html.erb +5 -0
  212. data/app/views/active_stix/files/show.html.erb +79 -0
  213. data/app/views/active_stix/files/show.json.jbuilder +1 -0
  214. data/app/views/active_stix/identities/_form.html.erb +27 -0
  215. data/app/views/active_stix/identities/_individual.html.erb +100 -0
  216. data/app/views/active_stix/identities/_organization.html.erb +72 -0
  217. data/app/views/active_stix/identities/_received_email_messages.html.erb +27 -0
  218. data/app/views/active_stix/identities/_sent_email_messages.html.erb +27 -0
  219. data/app/views/active_stix/identities/_threat_icons.html.erb +3 -0
  220. data/app/views/active_stix/identities/edit.html.erb +2 -0
  221. data/app/views/active_stix/identities/index.html.erb +37 -0
  222. data/app/views/active_stix/identities/new.html.erb +5 -0
  223. data/app/views/active_stix/identities/show.html.erb +15 -0
  224. data/app/views/active_stix/layouts/active_stix/application.html.erb +16 -0
  225. data/app/views/active_stix/recipients/_form.html.erb +27 -0
  226. data/app/views/active_stix/recipients/edit.html.erb +6 -0
  227. data/app/views/active_stix/recipients/index.html.erb +29 -0
  228. data/app/views/active_stix/recipients/new.html.erb +5 -0
  229. data/app/views/active_stix/recipients/show.html.erb +14 -0
  230. data/app/views/active_stix/threat_actors/_form.html.erb +32 -0
  231. data/app/views/active_stix/threat_actors/_stix_threat_actor.json.jbuilder +2 -0
  232. data/app/views/active_stix/threat_actors/edit.html.erb +6 -0
  233. data/app/views/active_stix/threat_actors/flags.html.erb +184 -0
  234. data/app/views/active_stix/threat_actors/index.html.erb +26 -0
  235. data/app/views/active_stix/threat_actors/index.json.jbuilder +1 -0
  236. data/app/views/active_stix/threat_actors/new.html.erb +5 -0
  237. data/app/views/active_stix/threat_actors/show.html.erb +4 -0
  238. data/app/views/active_stix/threat_actors/show.json.jbuilder +1 -0
  239. data/app/views/layouts/active_stix/application.html.erb +16 -0
  240. data/config/routes.rb +39 -0
  241. data/db/migrate/20191204200025_create_active_stix_bundled_objects.rb +11 -0
  242. data/db/migrate/20191204213707_create_active_stix_bundles.rb +10 -0
  243. data/db/migrate/20191204213802_create_active_stix_campaigns.rb +15 -0
  244. data/db/migrate/20191204213926_create_active_stix_course_of_actions.rb +12 -0
  245. data/db/migrate/20191204214020_create_active_stix_cyber_observables.rb +11 -0
  246. data/db/migrate/20191204214955_create_active_stix_email_messages.rb +20 -0
  247. data/db/migrate/20191204215029_create_active_stix_external_references.rb +12 -0
  248. data/db/migrate/20191204215302_create_active_stix_files.rb +23 -0
  249. data/db/migrate/20191204215419_create_active_stix_identities.rb +13 -0
  250. data/db/migrate/20191204215542_create_active_stix_indicator_labels.rb +10 -0
  251. data/db/migrate/20191204215637_create_active_stix_indicators.rb +16 -0
  252. data/db/migrate/20191204215849_create_active_stix_intrusion_sets.rb +15 -0
  253. data/db/migrate/20191204215929_create_active_stix_kill_chain_phases.rb +10 -0
  254. data/db/migrate/20191204215951_create_active_stix_kill_chains.rb +9 -0
  255. data/db/migrate/20191204220149_create_active_stix_malwares.rb +12 -0
  256. data/db/migrate/20191204220539_create_active_stix_marking_definitions.rb +12 -0
  257. data/db/migrate/20191204220853_create_active_stix_observed_data.rb +12 -0
  258. data/db/migrate/20191204220917_create_active_stix_open_vocabularies.rb +9 -0
  259. data/db/migrate/20191204220952_create_active_stix_phases.rb +11 -0
  260. data/db/migrate/20191204221129_create_active_stix_recipients.rb +10 -0
  261. data/db/migrate/20191204221227_create_active_stix_relationships.rb +16 -0
  262. data/db/migrate/20191204221323_create_active_stix_report_objects.rb +11 -0
  263. data/db/migrate/20191204221359_create_active_stix_reports.rb +14 -0
  264. data/db/migrate/20191204221425_create_active_stix_threat_actors.rb +11 -0
  265. data/db/migrate/20191204221454_create_active_stix_tools.rb +12 -0
  266. data/db/migrate/20191204221639_create_active_stix_urls.rb +9 -0
  267. data/db/migrate/20191204221849_create_active_stix_users.rb +22 -0
  268. data/db/migrate/20191205182234_create_active_stix_bcc_refs.rb +10 -0
  269. data/db/migrate/20191205182255_create_active_stix_cc_refs.rb +10 -0
  270. data/db/migrate/20191205182316_create_active_stix_to_refs.rb +10 -0
  271. data/db/migrate/20191212203611_add_spec_version_to_bundles.rb +5 -0
  272. data/db/migrate/20191212215136_create_active_stix_attack_patterns.rb +12 -0
  273. data/db/migrate/20191212220222_create_active_stix_reference_items.rb +11 -0
  274. data/db/migrate/20191213135204_create_active_stix_labels.rb +10 -0
  275. data/db/migrate/20191213140951_create_active_stix_markups.rb +11 -0
  276. data/db/migrate/20191221210537_fix_observed_data.rb +6 -0
  277. data/db/migrate/20191221223602_create_active_stix_artifacts.rb +16 -0
  278. data/db/migrate/20191223075550_change_artifact_ref_to_string.rb +5 -0
  279. data/db/migrate/20191223154000_add_stix_id_to_email_messages.rb +5 -0
  280. data/db/migrate/20200114162245_add_labels_to_active_stix_identities.rb +5 -0
  281. data/db/migrate/20200404223006_add_aliases_to_tools.rb +5 -0
  282. data/db/migrate/20200404223047_add_aliases_to_attack_patterns.rb +5 -0
  283. data/db/migrate/20200404223158_add_aliases_to_malwares.rb +5 -0
  284. data/db/migrate/20200404223210_add_aliases_to_threat_actors.rb +5 -0
  285. data/lib/active_stix.rb +8 -0
  286. data/lib/active_stix/engine.rb +13 -0
  287. data/lib/active_stix/version.rb +3 -0
  288. data/lib/tasks/active_stix_tasks.rake +4 -0
  289. metadata +358 -0
@@ -0,0 +1,6 @@
1
+ module ActiveStix
2
+ class ToRef < ActiveStix::Recipient
3
+ belongs_to :email_message
4
+ belongs_to :email_address
5
+ end
6
+ end
@@ -0,0 +1,112 @@
1
+ class ActiveStix::Tool < ApplicationRecord
2
+ has_many :reference_items, as: 'referrer'
3
+ has_many :external_references, through: :reference_items
4
+
5
+ has_many :markups, as: :labelable
6
+ has_many :labels, through: :markups
7
+
8
+ def self.expected_keys
9
+ [
10
+ 'description',
11
+ 'external_references',
12
+ 'object_marking_refs',
13
+ 'created_by_ref',
14
+ 'labels'
15
+ ]
16
+ end
17
+
18
+ def type
19
+ 'tool'
20
+ end
21
+
22
+ def self.ingest_json(obj)
23
+ tool = find_or_create_by(stix_id: obj['id'], name: obj['name'])
24
+
25
+ expected_keys.each do |expected_key|
26
+ if obj.has_key?(expected_key)
27
+ send(expected_key, *[tool, obj])
28
+ end
29
+ end
30
+
31
+ tool.save
32
+ tool
33
+ end
34
+
35
+ def self.object_marking_refs(tool, obj)
36
+ # obj['object_marking_refs'].each do |mr|
37
+ # marking_definition = ActiveStix::MarkingDefinition.create_by_id(mr)
38
+ # tool.marking_definitions << marking_definition unless ActiveStix::ReferenceObjectMarkingTool.find_by(stix_marking_definition_id:marking_definition.id, stix_tool_id:tool.id)
39
+ # end todo
40
+ end
41
+
42
+ def self.description(tool, obj)
43
+ tool.description = obj['description']
44
+ end
45
+
46
+ def self.created_by_ref(tool, obj)
47
+ tool.created_by_ref = obj['created_by_ref']
48
+ end
49
+
50
+ def self.external_references(tool, obj)
51
+ obj['external_references'].each do |er|
52
+ external_reference = ActiveStix::ExternalReference.ingest_json(er, obj['id'])
53
+ tool.external_references << external_reference unless ActiveStix::ReferenceItem.find_by(external_reference: external_reference, referrer: tool)
54
+ end
55
+ end
56
+
57
+
58
+ def self.labels(tool, obj)
59
+ obj['labels'].each do |lab|
60
+ label = ActiveStix::Label.ingest_label('tool', lab)
61
+ tool.labels << label unless ActiveStix::Markup.find_by(labelable: tool, label: label)
62
+ end
63
+ end
64
+
65
+
66
+ def as_stix(classification = nil, chess = nil)
67
+ as_json
68
+ end
69
+
70
+
71
+ def convert_to_json
72
+ external_refs_arr = []
73
+ external_references.each do |x|
74
+ external_refs_arr << x.convert_to_json
75
+ end
76
+
77
+ # marking_def_arr = []
78
+ # marking_definitions.each do | x |
79
+ # marking_def_arr << x.convert_to_json
80
+ # end todo
81
+
82
+ platform_arr = []
83
+ platforms.each do |x|
84
+ platform_arr << x.convert_to_json
85
+ end
86
+
87
+ labels_arr = []
88
+ labels.each do |x|
89
+ labels_arr << x.open_vocabulary.convert_to_json
90
+ end
91
+
92
+
93
+ alias_arr = []
94
+ attack_aliases.each do |x|
95
+ alias_arr << x.convert_to_json
96
+ end
97
+
98
+ {
99
+ :external_references => external_refs_arr,
100
+ # :object_marking_refs => marking_def_arr,
101
+ :modified => updated_at.to_s,
102
+ :created_by_ref => created_by_ref,
103
+ :id => stix_id,
104
+ :name => name,
105
+ :created => created_at.to_s,
106
+ :labels => labels_arr,
107
+ :type => "tool",
108
+ :description => description
109
+ }
110
+ end
111
+
112
+ end
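Review bot: `convert_to_json` iterates `platforms` and `attack_aliases`, but the class body in this hunk declares only `reference_items`, `external_references`, `markups` and `labels`, so unless those two are defined outside this file the method raises before it returns. The arrays built from them (`platform_arr`, `alias_arr`) are never placed in the returned hash either, so the two loops can be dropped, or the associations declared and the matching keys added. Separately, `ingest_json` discards the result of `tool.save` and looks the record up by `stix_id` and `name` together, so a feed object that keeps its id but changes its name produces a second row instead of an update. Consider `tool = find_or_initialize_by(stix_id: obj['id'])` followed by `tool.name = obj['name']`, and `tool.save!` so a rejected record is not returned as if it had been stored.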
@@ -0,0 +1,15 @@
1
+ module ActiveStix
2
+ class Url < ApplicationRecord
3
+
4
+ has_many :cyber_observables, :class_name => 'ActiveStix::CyberObservable', foreign_key: :observable_object_id
5
+ has_many :observed_data, through: :cyber_observables, :class_name => "ActiveStix::ObservedDatum"
6
+
7
+ after_create do
8
+ ObservedDatum.wrap_object(self)
9
+ end
10
+
11
+ def type
12
+ "url"
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,4 @@
1
+ module ActiveStix
2
+ class User < ApplicationRecord
3
+ end
4
+ end
@@ -0,0 +1,3 @@
1
+ class ActiveStix::UserAccount < ApplicationRecord
2
+ belongs_to :identity
3
+ end
@@ -0,0 +1,57 @@
1
+ <%= form_with(model: artifact, local: true) do |form| %>
2
+ <% if artifact.errors.any? %>
3
+ <div id="error_explanation">
4
+ <h2><%= pluralize(artifact.errors.count, "error") %> prohibited this artifact from being saved:</h2>
5
+
6
+ <ul>
7
+ <% artifact.errors.full_messages.each do |message| %>
8
+ <li><%= message %></li>
9
+ <% end %>
10
+ </ul>
11
+ </div>
12
+ <% end %>
13
+
14
+ <div class="field">
15
+ <%= form.label :stix_id %>
16
+ <%= form.text_field :stix_id %>
17
+ </div>
18
+
19
+ <div class="field">
20
+ <%= form.label :type %>
21
+ <%= form.text_field :type %>
22
+ </div>
23
+
24
+ <div class="field">
25
+ <%= form.label :mime_type %>
26
+ <%= form.text_field :mime_type %>
27
+ </div>
28
+
29
+ <div class="field">
30
+ <%= form.label :payload_bin %>
31
+ <%= form.text_field :payload_bin %>
32
+ </div>
33
+
34
+ <div class="field">
35
+ <%= form.label :url %>
36
+ <%= form.text_field :url %>
37
+ </div>
38
+
39
+ <div class="field">
40
+ <%= form.label :hashes %>
41
+ <%= form.text_field :hashes %>
42
+ </div>
43
+
44
+ <div class="field">
45
+ <%= form.label :encryption_algorithm %>
46
+ <%= form.text_field :encryption_algorithm %>
47
+ </div>
48
+
49
+ <div class="field">
50
+ <%= form.label :decryption_key %>
51
+ <%= form.text_field :decryption_key %>
52
+ </div>
53
+
54
+ <div class="actions">
55
+ <%= form.submit %>
56
+ </div>
57
+ <% end %>
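Review bot: `form.text_field :decryption_key` writes the stored key back into the page as a plain input value whenever this form is rendered for an existing artifact, and the artifacts index and show views further down this page print `decryption_key` in clear as well. A field like this is better handled as `form.password_field :decryption_key` (Rails does not pre-fill password fields by default) and left out of the listing and detail views unless the reader is authorised to see it. The form also exposes `type` as free text; if `type` is a real column on the artifacts table, Rails treats it as the single-table-inheritance column by default, so confirm the model overrides `inheritance_column` or drop the field. The model and controller are not visible here.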
@@ -0,0 +1,6 @@
1
+ <h1>Editing Artifact</h1>
2
+
3
+ <%= render 'form', artifact: @artifact %>
4
+
5
+ <%= link_to 'Show', @artifact %> |
6
+ <%= link_to 'Back', artifacts_path %>
@@ -0,0 +1,41 @@
1
+ <p id="notice"><%= notice %></p>
2
+
3
+ <h1>Artifacts</h1>
4
+
5
+ <table>
6
+ <thead>
7
+ <tr>
8
+ <th>Stix</th>
9
+ <th>Type</th>
10
+ <th>Mime type</th>
11
+ <th>Payload bin</th>
12
+ <th>Url</th>
13
+ <th>Hashes</th>
14
+ <th>Encryption algorithm</th>
15
+ <th>Decryption key</th>
16
+ <th colspan="3"></th>
17
+ </tr>
18
+ </thead>
19
+
20
+ <tbody>
21
+ <% @artifacts.each do |artifact| %>
22
+ <tr>
23
+ <td><%= artifact.stix_id %></td>
24
+ <td><%= artifact.type %></td>
25
+ <td><%= artifact.mime_type %></td>
26
+ <td><%= artifact.payload_bin %></td>
27
+ <td><%= artifact.url %></td>
28
+ <td><%= artifact.hashes %></td>
29
+ <td><%= artifact.encryption_algorithm %></td>
30
+ <td><%= artifact.decryption_key %></td>
31
+ <td><%= link_to 'Show', artifact %></td>
32
+ <td><%= link_to 'Edit', edit_artifact_path(artifact) %></td>
33
+ <td><%= link_to 'Destroy', artifact, method: :delete, data: { confirm: 'Are you sure?' } %></td>
34
+ </tr>
35
+ <% end %>
36
+ </tbody>
37
+ </table>
38
+
39
+ <br>
40
+
41
+ <%= link_to 'New Artifact', new_artifact_path %>
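Review bot: The table prints `artifact.payload_bin` in full for every row and iterates `@artifacts` with no visible limit. In STIX, `payload_bin` carries the base64-encoded artifact content, so a single large sample makes the index page very heavy; showing a length or a truncated prefix, e.g. `<%= truncate(artifact.payload_bin, length: 32) %>`, keeps the listing usable. Whether `@artifacts` is paginated depends on the controller, which is not part of this hunk.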
@@ -0,0 +1,5 @@
1
+ <h1>New Artifact</h1>
2
+
3
+ <%= render 'form', artifact: @artifact %>
4
+
5
+ <%= link_to 'Back', artifacts_path %>
@@ -0,0 +1,44 @@
1
+ <p id="notice"><%= notice %></p>
2
+
3
+ <p>
4
+ <strong>Stix:</strong>
5
+ <%= @artifact.stix_id %>
6
+ </p>
7
+
8
+ <p>
9
+ <strong>Type:</strong>
10
+ <%= @artifact.type %>
11
+ </p>
12
+
13
+ <p>
14
+ <strong>Mime type:</strong>
15
+ <%= @artifact.mime_type %>
16
+ </p>
17
+
18
+ <p>
19
+ <strong>Payload bin:</strong>
20
+ <%= @artifact.payload_bin %>
21
+ </p>
22
+
23
+ <p>
24
+ <strong>Url:</strong>
25
+ <%= @artifact.url %>
26
+ </p>
27
+
28
+ <p>
29
+ <strong>Hashes:</strong>
30
+ <%= @artifact.hashes %>
31
+ </p>
32
+
33
+ <p>
34
+ <strong>Encryption algorithm:</strong>
35
+ <%= @artifact.encryption_algorithm %>
36
+ </p>
37
+
38
+ <p>
39
+ <strong>Decryption key:</strong>
40
+ <%= @artifact.decryption_key %>
41
+ </p>
42
+
43
+ <%= link_to 'Edit', edit_artifact_path(@artifact) %> |
44
+ <%= link_to 'Back', artifacts_path %>
@@ -0,0 +1,37 @@
1
+ <%= form_with(model: attack_pattern, local: true) do |form| %>
2
+ <% if attack_pattern.errors.any? %>
3
+ <div id="error_explanation">
4
+ <h2><%= pluralize(attack_pattern.errors.count, "error") %> prohibited this attack_pattern from being saved:</h2>
5
+
6
+ <ul>
7
+ <% attack_pattern.errors.full_messages.each do |message| %>
8
+ <li><%= message %></li>
9
+ <% end %>
10
+ </ul>
11
+ </div>
12
+ <% end %>
13
+
14
+ <div class="field">
15
+ <%= form.label :name %>
16
+ <%= form.text_field :name %>
17
+ </div>
18
+
19
+ <div class="field">
20
+ <%= form.label :description %>
21
+ <%= form.text_area :description %>
22
+ </div>
23
+
24
+ <div class="field">
25
+ <%= form.label :kill_chain_phases %>
26
+ <%= form.text_field :kill_chain_phases %>
27
+ </div>
28
+
29
+ <div class="field">
30
+ <%= form.label :stix_id %>
31
+ <%= form.text_field :stix_id %>
32
+ </div>
33
+
34
+ <div class="actions">
35
+ <%= form.submit %>
36
+ </div>
37
+ <% end %>
@@ -0,0 +1,2 @@
1
+ <h1>ActiveStix::AttackPatterns#edit</h1>
2
+ <p>Find me in app/views/stix/attack_patterns/edit.html.erb</p>
@@ -0,0 +1,2 @@
1
+ <h1>ActiveStix::AttackPatterns#index</h1>
2
+ <p>Find me in app/views/stix/attack_patterns/index.html.erb</p>
@@ -0,0 +1,2 @@
1
+ <h1>ActiveStix::AttackPatterns#new</h1>
2
+ <p>Find me in app/views/stix/attack_patterns/new.html.erb</p>
@@ -0,0 +1,140 @@
1
+ <p id="notice"><%= notice %></p>
2
+
3
+ <% markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true) %>
4
+
5
+ <% if @attack_pattern.external_references.collect {|x| x.source_name }.include?("mitre-attack") %>
6
+ <div>
7
+ <div style="max-width:70%; margin-left:2%;color:black">
8
+ <h2><%= @attack_pattern.name %></h2>
9
+ <br>
10
+ <strong style="color:black">Description:</strong>
11
+ <br>
12
+ <div style="margin-left:1%;color:black">
13
+ <%= markdown.render(@attack_pattern.description).html_safe %>
14
+ </div>
15
+ <br>
16
+ <br>
17
+
18
+ <strong style="color:black">Examples</strong>
19
+ <br>
20
+ <table style="margin-left:1%;border:1px solid black;color:black">
21
+ <tr bgcolor="#F0F0F0">
22
+ <th style="border:1px solid black">Name</th>
23
+ <th style="border:1px solid black">Description</th>
24
+ </tr>
25
+
26
+ <% @attack_pattern.target_relationships.where("relationship_type = 'uses'").each do | rel | %>
27
+ <!-- make sure stix tools objects aren't included in the list -->
28
+ <% next if rel.source.name.include?("--") %>
29
+ <tr>
30
+ <td style="border:1px solid black;color:black"> <%= rel.source.name %> </td>
31
+ <td style="border:1px solid black;color:black"> <%= markdown.render(rel.description).html_safe %></td>
32
+ </tr>
33
+ <% end %>
34
+ </table>
35
+ <br>
36
+ <br>
37
+
38
+ <strong style="color:black">Mitigation:</strong>
39
+ <br>
40
+ <div style="margin-left:1%;color:black">
41
+ <%= markdown.render(@attack_pattern.target_relationships.where("relationship_type='mitigates'").first.source.description).html_safe %>
42
+ </div>
43
+ <br>
44
+ <br>
45
+
46
+
47
+ <strong style="color:black">Detection:</strong>
48
+ <br>
49
+ <div style="margin-left:1%;color:black">
50
+ <%= markdown.render(@attack_pattern.detections.first.description).html_safe %>
51
+ </div>
52
+ <br>
53
+ <br>
54
+
55
+ <div style="position:absolute;top:150px;right:100px;width:300px;height:400px;border:1px solid black;padding:10px;color:black">
56
+ <strong>ID:</strong>
57
+ <%= @attack_pattern.external_references.find_by("source_name = 'mitre-attack'").external_id %>
58
+ <br>
59
+ <Strong>Tactic:</Strong>
60
+ <%= @attack_pattern.phases.first.name %>
61
+ <br>
62
+ <Strong>Platform:</Strong>
63
+ <% platform_array = [] %>
64
+ <% @attack_pattern.platforms.each do | plat | %>
65
+ <% platform_array << plat.platform %>
66
+ <% end %>
67
+ <%= platform_array.join(", ") %>
68
+
69
+ <br>
70
+ <Strong>Permissions Required:</Strong>
71
+ <% perm_array = [] %>
72
+ <% @attack_pattern.permissions_requireds.each do | perm | %>
73
+ <% perm_array << perm.permission %>
74
+ <% end %>
75
+ <%= perm_array.join(", ") %>
76
+ <br>
77
+ <Strong>Data Sources:</Strong>
78
+ <% src_array = [] %>
79
+ <% platform_array = [] %>
80
+ <% @attack_pattern.data_sources.each do | src | %>
81
+ <% src_array << src.source %>
82
+ <% end %>
83
+ <%= src_array.join(", ") %>
84
+ <br>
85
+ <Strong>Version:</Strong>
86
+ <%= @attack_pattern.versions.first.version %>
87
+
88
+ </div>
89
+ </div>
90
+ </div>
91
+ <% elsif @attack_pattern.external_references.collect {|x| x.source_name }.include?("mitre-pre-attack") %>
92
+ <div>
93
+ <div style="max-width:70%; margin-left:2%;color:black">
94
+ <h2><%= @attack_pattern.name %></h2>
95
+ <br>
96
+ <strong style="color:black">Description:</strong>
97
+ <br>
98
+ <div style="margin-left:1%;color:black">
99
+ <%= markdown.render(@attack_pattern.description).html_safe %>
100
+ </div>
101
+ <br>
102
+ <strong style="color:black">Detection:</strong>
103
+ <br>
104
+ <div style="margin-left:1%;">
105
+ <strong>Detectable by Common Defenses (Yes/No/Partial):</strong> <%= @attack_pattern.detectable_by_common_defenses.first.detectable %>
106
+ </div>
107
+
108
+ <br>
109
+ <div style="margin-left:1%">
110
+ <strong>Explanation:</strong> <%= @attack_pattern.detectable_by_common_defenses_explanations.first.explanation %>
111
+ </div>
112
+
113
+ <br>
114
+ <strong>Difficulty for the Adversary:</strong>
115
+ <div style="margin-left:1%;">
116
+ <strong>Easy for the Adversary (Yes/No):</strong> <%= @attack_pattern.difficulty_for_adversaries.first.difficulty %>
117
+ </div>
118
+
119
+ <br>
120
+ <div style="margin-left:1%">
121
+ <strong>Explanation:</strong> <%= @attack_pattern.difficulty_for_adversary_explanations.first.explanation %>
122
+ </div>
123
+
124
+ <div style="position:absolute;top:150px;right:100px;width:300px;height:300px;border:1px solid black;padding:10px;color:black">
125
+ <strong>ID:</strong>
126
+ <%= @attack_pattern.external_references.find_by("source_name = 'mitre-pre-attack'").external_id %>
127
+ <br>
128
+ <Strong>Tactic:</Strong>
129
+ <%= @attack_pattern.phases.first.name %>
130
+ <br>
131
+ <Strong>Version:</Strong>
132
+ <%= @attack_pattern.versions.first.version %>
133
+
134
+ </div>
135
+ </div>
136
+
137
+ </div>
138
+ <% else %>
139
+ <%= "Error" %>
140
+ <% end %>
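Review bot: Every `markdown.render(...).html_safe` call in this template (lines 13, 31, 41, 50 and 99 of the new file) emits whatever HTML the description contains, because the renderer is built from the bare `Redcarpet::Render::HTML` class with no escaping options and `html_safe` then switches off Rails' own escaping. These descriptions are presumably filled from ingested STIX objects, as `Tool.ingest_json` does for tools elsewhere on this page, so content from an external feed would reach the analyst's browser unescaped. Build the renderer with escaping on, `Redcarpet::Markdown.new(Redcarpet::Render::HTML.new(escape_html: true, safe_links_only: true), fenced_code_blocks: true)`, or pass the rendered output through `sanitize` instead of calling `html_safe`. The chained lookups such as `target_relationships.where("relationship_type='mitigates'").first.source.description`, `detections.first.description` and `versions.first.version` also raise on an attack pattern that has no such record, so guard them with `&.` or a presence check.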