active_stix 0.1.21

data/app/controllers/active_stix/email_messages_controller.rb

@@ -0,0 +1,26 @@
+class ActiveStix::EmailMessagesController < ApplicationController
+  before_action :set_stix_email_message, only: [:show, :edit, :update, :destroy]
+
+  # GET /stix/email_messages
+  # GET /stix/email_messages.json
+  def index
+    @email_messages = ActiveStix::EmailMessage.order("created_at DESC").page params[:page]
+  end
+
+  # GET /stix/email_messages/1
+  # GET /stix/email_messages/1.json
+  def show
+  end
+
+  private
+
+  # Use callbacks to share common setup or constraints between actions.
+  def set_stix_email_message
+    @email_message = ActiveStix::EmailMessage.find(params[:id])
+  end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def stix_email_message_params
+    params.require(:email_message).permit(:type, :is_multipart, :date, :content_type, :from_ref, :sender_ref, :to_refs_link_id, :cc_refs_link_id, :bcc_refs_link_id, :subject, :received_lines_link_id, :body, :body_multipart_link_id, :raw_email_ref)
+  end
+end

data/app/controllers/active_stix/external_references_controller.rb

@@ -0,0 +1,62 @@
+require_dependency "active_stix/application_controller"
+
+module ActiveStix
+  class ExternalReferencesController < ApplicationController
+    before_action :set_external_reference, only: [:show, :edit, :update, :destroy]
+
+    # GET /external_references
+    def index
+      @external_references = ExternalReference.all
+    end
+
+    # GET /external_references/1
+    def show
+    end
+
+    # GET /external_references/new
+    def new
+      @external_reference = ExternalReference.new
+    end
+
+    # GET /external_references/1/edit
+    def edit
+    end
+
+    # POST /external_references
+    def create
+      @external_reference = ExternalReference.new(external_reference_params)
+
+      if @external_reference.save
+        redirect_to @external_reference, notice: 'External reference was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /external_references/1
+    def update
+      if @external_reference.update(external_reference_params)
+        redirect_to @external_reference, notice: 'External reference was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /external_references/1
+    def destroy
+      @external_reference.destroy
+      redirect_to external_references_url, notice: 'External reference was successfully destroyed.'
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_external_reference
+        @external_reference = ExternalReference.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def external_reference_params
+        params.require(:external_reference).permit(:source_name, :description, :url, :external_id)
+      end
+  end
+end

data/app/controllers/active_stix/files_controller.rb

@@ -0,0 +1,74 @@
+class ActiveStix::FilesController < ApplicationController
+  before_action :set_stix_file, only: [:show, :edit, :update, :destroy]
+
+  # GET /stix/files
+  # GET /stix/files.json
+  def index
+    @files = ActiveStix::File.all
+  end
+
+  # GET /stix/files/1
+  # GET /stix/files/1.json
+  def show
+  end
+
+  # GET /stix/files/new
+  def new
+    @file = ActiveStix::File.new
+  end
+
+  # GET /stix/files/1/edit
+  def edit
+  end
+
+  # POST /stix/files
+  # POST /stix/files.json
+  def create
+    @file = ActiveStix::File.new(stix_file_params)
+
+    respond_to do |format|
+      if @file.save
+        format.html { redirect_to @file, notice: 'File was successfully created.' }
+        format.json { render :show, status: :created, location: @file }
+      else
+        format.html { render :new }
+        format.json { render json: @file.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PATCH/PUT /stix/files/1
+  # PATCH/PUT /stix/files/1.json
+  def update
+    respond_to do |format|
+      if @file.update(stix_file_params)
+        format.html { redirect_to @file, notice: 'File was successfully updated.' }
+        format.json { render :show, status: :ok, location: @file }
+      else
+        format.html { render :edit }
+        format.json { render json: @file.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /stix/files/1
+  # DELETE /stix/files/1.json
+  def destroy
+    @file.destroy
+    respond_to do |format|
+      format.html { redirect_to stix_files_url, notice: 'File was successfully destroyed.' }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_stix_file
+      @file = ActiveStix::File.find(params[:id])
+    end
+
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def stix_file_params
+      params.require(:file).permit(:extensions, :hashes, :size, :name, :name_enc, :magic_number_hex, :mime_type, :created_file, :modified_file, :accessed_file, :parent_directory_ref, :is_encrypted, :encryption_algorithm, :decryption_key, :content_ref)
+    end
+end

data/app/controllers/active_stix/identities_controller.rb

@@ -0,0 +1,128 @@
+class ActiveStix::IdentitiesController < ApplicationController
+  before_action :set_stix_identity, only: [:show, :edit, :update, :destroy, :corpus]
+
+  # GET /stix/identities
+  # GET /stix/identities.json
+  def index
+    @identities = ActiveStix::Identity.where("name like ?", "%#{params[:search]}%").order("name").page params[:page]
+  end
+
+  # GET /stix/identities/1
+  # GET /stix/identities/1.json
+  def show
+    if @identity.identity_class == 'organization'
+      @employment_records = @identity.source_relationships.where(relationship_type: "employs").page(params[:page])
+      @threat_groups = @identity.threat_groups
+      @attack_patterns = @identity.attack_patterns
+    else
+      case params[:mailbox]
+      when 'sent'
+        @mailbox = "Sent"
+        @sent_email_messages = @identity.email_messages.includes(:eml).order("created_at DESC").page(params[:page])
+      when 'received'
+        @mailbox = "Received"
+        @received_email_messages = @identity.to_refs.order("created_at DESC").page(params[:page])
+      else
+        @mailbox = "Sent"
+        @sent_email_messages = @identity.email_messages.includes(:eml).order("created_at DESC").page(params[:page])
+      end
+    end
+  end
+
+  # GET /stix/identities/new
+  def new
+    @identity = ActiveStix::Identity.new
+  end
+
+  # GET /stix/identities/1/edit
+  def edit
+  end
+
+  # POST /stix/identities
+  # POST /stix/identities.json
+  def create
+    @identity = ActiveStix::Identity.new(stix_identity_params)
+    @identity.identity_class = "organization"
+
+    respond_to do |format|
+      if @identity.save
+        Ldap.stix_ingest(@identity, params[:identity][:uploaded_file].path)
+        format.html {redirect_to @identity, notice: 'Identity was successfully created.'}
+        format.json {render :show, status: :created, location: @identity}
+      else
+        format.html {render :new}
+        format.json {render json: @identity.errors, status: :unprocessable_entity}
+      end
+    end
+  end
+
+  # PATCH/PUT /stix/identities/1
+  # PATCH/PUT /stix/identities/1.json
+  def update
+    respond_to do |format|
+      if @identity.update(stix_identity_params)
+        format.html {redirect_to @identity, notice: 'Identity was successfully updated.'}
+        format.json {render :show, status: :ok, location: @identity}
+      else
+        format.html {render :edit}
+        format.json {render json: @identity.errors, status: :unprocessable_entity}
+      end
+    end
+  end
+
+  # DELETE /stix/identities/1
+  # DELETE /stix/identities/1.json
+  def destroy
+    @identity.destroy
+    respond_to do |format|
+      format.html {redirect_to stix_identities_url, notice: 'Identity was successfully destroyed.'}
+      format.json {head :no_content}
+    end
+  end
+
+  def employment
+    organization = ActiveStix::Identity.find(params[:organization_id])
+    @identity = ActiveStix::Identity.find(params[:identity_id])
+
+    respond_to do |format|
+      if ActiveStix::Identity.employ(@identity, organization)
+        format.html {redirect_to @identity, notice: 'Identity was successfully updated.'}
+        format.json {render :show, status: :ok, location: @identity}
+      else
+        format.html {render @identity, notice: 'Could not create employment.'}
+        format.json {render json: @identity.errors, status: :unprocessable_entity}
+      end
+    end
+
+  end
+
+  def attribution
+
+    organization = ActiveStix::Identity.find(params[:identity_id])
+    threat_actor = ActiveStix::ThreatActor.find(params[:threat_actor_id])
+    ActiveStix::Relationship.relate(threat_actor, organization, "attributed-to")
+
+    respond_to do |format|
+      format.html {redirect_to organization, notice: 'Identity was successfully updated.'}
+      format.json {render :show, status: :ok, location: organization}
+    end
+  end
+
+  def corpus
+    #download all the email attachments in an evaluation
+    send_data(File.read(@identity.corpus(params[:mailbox])), :type => 'application/zip', :disposition => "attachment")
+  end
+
+  private
+
+  # Use callbacks to share common setup or constraints between actions.
+  def set_stix_identity
+    @identity = ActiveStix::Identity.find(params[:id] || params[:identity_id])
+  end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def stix_identity_params
+    params.require(:identity).permit(:name, :description, :identity_class, :contact_information, :known_person, :legitimate_organization)
+  end
+
+end

data/app/controllers/active_stix/indicator_labels_controller.rb

@@ -0,0 +1,62 @@
+require_dependency "active_stix/application_controller"
+
+module ActiveStix
+  class IndicatorLabelsController < ApplicationController
+    before_action :set_indicator_label, only: [:show, :edit, :update, :destroy]
+
+    # GET /indicator_labels
+    def index
+      @indicator_labels = IndicatorLabel.all
+    end
+
+    # GET /indicator_labels/1
+    def show
+    end
+
+    # GET /indicator_labels/new
+    def new
+      @indicator_label = IndicatorLabel.new
+    end
+
+    # GET /indicator_labels/1/edit
+    def edit
+    end
+
+    # POST /indicator_labels
+    def create
+      @indicator_label = IndicatorLabel.new(indicator_label_params)
+
+      if @indicator_label.save
+        redirect_to @indicator_label, notice: 'Indicator label was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /indicator_labels/1
+    def update
+      if @indicator_label.update(indicator_label_params)
+        redirect_to @indicator_label, notice: 'Indicator label was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /indicator_labels/1
+    def destroy
+      @indicator_label.destroy
+      redirect_to indicator_labels_url, notice: 'Indicator label was successfully destroyed.'
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_indicator_label
+        @indicator_label = IndicatorLabel.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def indicator_label_params
+        params.require(:indicator_label).permit(:label_id, :indicator_id)
+      end
+  end
+end

data/app/controllers/active_stix/indicators_controller.rb

@@ -0,0 +1,62 @@
+require_dependency "active_stix/application_controller"
+
+module ActiveStix
+  class IndicatorsController < ApplicationController
+    before_action :set_indicator, only: [:show, :edit, :update, :destroy]
+
+    # GET /indicators
+    def index
+      @indicators = Indicator.all
+    end
+
+    # GET /indicators/1
+    def show
+    end
+
+    # GET /indicators/new
+    def new
+      @indicator = Indicator.new
+    end
+
+    # GET /indicators/1/edit
+    def edit
+    end
+
+    # POST /indicators
+    def create
+      @indicator = Indicator.new(indicator_params)
+
+      if @indicator.save
+        redirect_to @indicator, notice: 'Indicator was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /indicators/1
+    def update
+      if @indicator.update(indicator_params)
+        redirect_to @indicator, notice: 'Indicator was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /indicators/1
+    def destroy
+      @indicator.destroy
+      redirect_to indicators_url, notice: 'Indicator was successfully destroyed.'
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_indicator
+        @indicator = Indicator.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def indicator_params
+        params.require(:indicator).permit(:name, :labels, :description, :pattern, :valid_from, :valid_until, :kill_chain_phases, :active_stix_id)
+      end
+  end
+end

data/app/controllers/active_stix/intrusion_sets_controller.rb

@@ -0,0 +1,62 @@
+require_dependency "active_stix/application_controller"
+
+module ActiveStix
+  class IntrusionSetsController < ApplicationController
+    before_action :set_intrusion_set, only: [:show, :edit, :update, :destroy]
+
+    # GET /intrusion_sets
+    def index
+      @intrusion_sets = IntrusionSet.all
+    end
+
+    # GET /intrusion_sets/1
+    def show
+    end
+
+    # GET /intrusion_sets/new
+    def new
+      @intrusion_set = IntrusionSet.new
+    end
+
+    # GET /intrusion_sets/1/edit
+    def edit
+    end
+
+    # POST /intrusion_sets
+    def create
+      @intrusion_set = IntrusionSet.new(intrusion_set_params)
+
+      if @intrusion_set.save
+        redirect_to @intrusion_set, notice: 'Intrusion set was successfully created.'
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /intrusion_sets/1
+    def update
+      if @intrusion_set.update(intrusion_set_params)
+        redirect_to @intrusion_set, notice: 'Intrusion set was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /intrusion_sets/1
+    def destroy
+      @intrusion_set.destroy
+      redirect_to intrusion_sets_url, notice: 'Intrusion set was successfully destroyed.'
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_intrusion_set
+        @intrusion_set = IntrusionSet.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def intrusion_set_params
+        params.require(:intrusion_set).permit(:name, :description, :first_seen, :last_seen, :active_stix_id, :aliases, :object_marking_refs)
+      end
+  end
+end