├── .gitchangelog.rc ├── .github └── workflows │ └── test.yml ├── LICENSE.md ├── README.md └── src ├── .gitignore ├── __init__.py ├── config.json.dist ├── config.schema.json ├── logging.yaml ├── logs └── .gitkeep ├── mispguard.py ├── requirements.txt └── test ├── __init__.py ├── fixtures ├── empty.json ├── test_analyst_data_index_minimal_non-blocked.json ├── test_analyst_note_blocked_distribution.json ├── test_analyst_note_non-blocked.json ├── test_analyst_opinion_blocked_distribution.json ├── test_analyst_opinion_non-blocked.json ├── test_analyst_relationship_blocked_distribution.json ├── test_analyst_relationship_non-blocked.json ├── test_event_blocked_attribute_analyst_relationship_distribution.json ├── test_event_blocked_attribute_category.json ├── test_event_blocked_attribute_distribution.json ├── test_event_blocked_attribute_note_distribution.json ├── test_event_blocked_attribute_opinion_distribution.json ├── test_event_blocked_attribute_sharing_group.json ├── test_event_blocked_attribute_tags.json ├── test_event_blocked_attribute_type.json ├── test_event_blocked_event_distribution.json ├── test_event_blocked_event_report_distribution.json ├── test_event_blocked_object_analyst_relationship_distribution.json ├── test_event_blocked_object_attribute_category.json ├── test_event_blocked_object_attribute_distribution.json ├── test_event_blocked_object_attribute_sharing_group.json ├── test_event_blocked_object_attribute_tags.json ├── test_event_blocked_object_attribute_type.json ├── test_event_blocked_object_distribution.json ├── test_event_blocked_object_note_distribution.json ├── test_event_blocked_object_opinion_distribution.json ├── test_event_blocked_object_shadow_attribute_type.json ├── test_event_blocked_object_sharing_group.json ├── test_event_blocked_object_type.json ├── test_event_blocked_required_allowed_tag.json ├── test_event_blocked_required_blocked_tag.json ├── test_event_blocked_required_tag.json ├── test_event_blocked_sharing_group.json ├── 
test_event_blocked_tags.json ├── test_event_non-blocked.json ├── test_event_non-blocked_required_allowed_tag.json ├── test_event_note_blocked_distribution.json ├── test_event_opinion_blocked_distribution.json ├── test_event_relationship_blocked_distribution.json ├── test_event_xuserorguuid-attribute_blocked_sharing_group.json ├── test_event_xuserorguuid-blocked_sharing_group.json ├── test_event_xuserorguuid-object-attribute_blocked_sharing_group.json ├── test_filter_analyst_data_for_push_non-blocked.json ├── test_galaxy_cluster_blocked_distribution.json ├── test_galaxy_cluster_non-blocked_distribution.json ├── test_galaxy_clusters_blocked_distribution.json ├── test_galaxy_clusters_non-blocked_distribution.json ├── test_invalid_config.json ├── test_push_analyst_note_blocked_distribution.json ├── test_push_analyst_note_non-blocked.json ├── test_push_analyst_opinion_blocked_distribution.json ├── test_push_analyst_opinion_non-blocked.json ├── test_push_analyst_relationship_blocked_distribution.json ├── test_push_analyst_relationship_blocked_related_attribute_distribution.json ├── test_push_analyst_relationship_blocked_related_event_distribution.json ├── test_push_analyst_relationship_blocked_related_object_distribution.json ├── test_push_analyst_relationship_non-blocked.json ├── test_shadow_attributes_blocked_category.json ├── test_shadow_attributes_blocked_distribution.json ├── test_shadow_attributes_blocked_sharing_group.json ├── test_shadow_attributes_blocked_tag.json └── test_shadow_attributes_blocked_type.json ├── test_config.json ├── test_misp_guard.py ├── test_pull_scenarios.json └── test_push_scenarios.json /.gitchangelog.rc: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8; mode: python -*- 2 | ## 3 | ## Format 4 | ## 5 | ## ACTION: [AUDIENCE:] COMMIT_MSG [!TAG ...] 6 | ## 7 | ## Description 8 | ## 9 | ## ACTION is one of 'chg', 'fix', 'new' 10 | ## 11 | ## Is WHAT the change is about. 
12 | ## 13 | ## 'chg' is for refactor, small improvement, cosmetic changes... 14 | ## 'fix' is for bug fixes 15 | ## 'new' is for new features, big improvement 16 | ## 17 | ## AUDIENCE is optional and one of 'dev', 'usr', 'pkg', 'test', 'doc'|'docs' 18 | ## 19 | ## Is WHO is concerned by the change. 20 | ## 21 | ## 'dev' is for developpers (API changes, refactors...) 22 | ## 'usr' is for final users (UI changes) 23 | ## 'pkg' is for packagers (packaging changes) 24 | ## 'test' is for testers (test only related changes) 25 | ## 'doc' is for doc guys (doc only changes) 26 | ## 27 | ## COMMIT_MSG is ... well ... the commit message itself. 28 | ## 29 | ## TAGs are additionnal adjective as 'refactor' 'minor' 'cosmetic' 30 | ## 31 | ## They are preceded with a '!' or a '@' (prefer the former, as the 32 | ## latter is wrongly interpreted in github.) Commonly used tags are: 33 | ## 34 | ## 'refactor' is obviously for refactoring code only 35 | ## 'minor' is for a very meaningless change (a typo, adding a comment) 36 | ## 'cosmetic' is for cosmetic driven change (re-indentation, 80-col...) 37 | ## 'wip' is for partial functionality but complete subfunctionality. 38 | ## 39 | ## Example: 40 | ## 41 | ## new: usr: support of bazaar implemented 42 | ## chg: re-indentend some lines !cosmetic 43 | ## new: dev: updated code to be compatible with last version of killer lib. 44 | ## fix: pkg: updated year of licence coverage. 45 | ## new: test: added a bunch of test around user usability of feature X. 46 | ## fix: typo in spelling my name in comment. !minor 47 | ## 48 | ## Please note that multi-line commit message are supported, and only the 49 | ## first line will be considered as the "summary" of the commit message. So 50 | ## tags, and other rules only applies to the summary. The body of the commit 51 | ## message will be displayed in the changelog without reformatting. 
52 | 53 | 54 | ## 55 | ## ``ignore_regexps`` is a line of regexps 56 | ## 57 | ## Any commit having its full commit message matching any regexp listed here 58 | ## will be ignored and won't be reported in the changelog. 59 | ## 60 | ignore_regexps = [ 61 | r'@minor', r'!minor', 62 | r'@cosmetic', r'!cosmetic', 63 | r'@refactor', r'!refactor', 64 | r'@wip', r'!wip', 65 | r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[p|P]kg:', 66 | r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[d|D]ev:', 67 | r'^(.{3,3}\s*:)?\s*[fF]irst commit.?\s*$', 68 | ] 69 | 70 | 71 | ## ``section_regexps`` is a list of 2-tuples associating a string label and a 72 | ## list of regexp 73 | ## 74 | ## Commit messages will be classified in sections thanks to this. Section 75 | ## titles are the label, and a commit is classified under this section if any 76 | ## of the regexps associated is matching. 77 | ## 78 | ## Please note that ``section_regexps`` will only classify commits and won't 79 | ## make any changes to the contents. So you'll probably want to go check 80 | ## ``subject_process`` (or ``body_process``) to do some changes to the subject, 81 | ## whenever you are tweaking this variable. 82 | ## 83 | section_regexps = [ 84 | ('New', [ 85 | r'^[nN]ew\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', 86 | ]), 87 | ('Changes', [ 88 | r'^[cC]hg\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', 89 | ]), 90 | ('Fix', [ 91 | r'^[fF]ix\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', 92 | ]), 93 | 94 | ('Other', None ## Match all lines 95 | ), 96 | 97 | ] 98 | 99 | 100 | ## ``body_process`` is a callable 101 | ## 102 | ## This callable will be given the original body and result will 103 | ## be used in the changelog. 104 | ## 105 | ## Available constructs are: 106 | ## 107 | ## - any python callable that take one txt argument and return txt argument. 108 | ## 109 | ## - ReSub(pattern, replacement): will apply regexp substitution. 
110 | ## 111 | ## - Indent(chars=" "): will indent the text with the prefix 112 | ## Please remember that template engines gets also to modify the text and 113 | ## will usually indent themselves the text if needed. 114 | ## 115 | ## - Wrap(regexp=r"\n\n"): re-wrap text in separate paragraph to fill 80-Columns 116 | ## 117 | ## - noop: do nothing 118 | ## 119 | ## - ucfirst: ensure the first letter is uppercase. 120 | ## (usually used in the ``subject_process`` pipeline) 121 | ## 122 | ## - final_dot: ensure text finishes with a dot 123 | ## (usually used in the ``subject_process`` pipeline) 124 | ## 125 | ## - strip: remove any spaces before or after the content of the string 126 | ## 127 | ## - SetIfEmpty(msg="No commit message."): will set the text to 128 | ## whatever given ``msg`` if the current text is empty. 129 | ## 130 | ## Additionally, you can `pipe` the provided filters, for instance: 131 | #body_process = Wrap(regexp=r'\n(?=\w+\s*:)') | Indent(chars=" ") 132 | #body_process = Wrap(regexp=r'\n(?=\w+\s*:)') 133 | #body_process = noop 134 | body_process = ReSub(r'((^|\n)[A-Z]\w+(-\w+)*: .*(\n\s+.*)*)+$', r'') | strip 135 | 136 | 137 | ## ``subject_process`` is a callable 138 | ## 139 | ## This callable will be given the original subject and result will 140 | ## be used in the changelog. 141 | ## 142 | ## Available constructs are those listed in ``body_process`` doc. 143 | subject_process = (strip | 144 | ReSub(r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n@]*)(@[a-z]+\s+)*$', r'\4') | 145 | SetIfEmpty("No commit message.") | ucfirst | final_dot) 146 | 147 | 148 | ## ``tag_filter_regexp`` is a regexp 149 | ## 150 | ## Tags that will be used for the changelog must match this regexp. 
151 | ## 152 | tag_filter_regexp = r'^v[0-9]+\.[0-9]+' 153 | 154 | 155 | 156 | ## ``unreleased_version_label`` is a string or a callable that outputs a string 157 | ## 158 | ## This label will be used as the changelog Title of the last set of changes 159 | ## between last valid tag and HEAD if any. 160 | unreleased_version_label = "%%version%% (unreleased)" 161 | 162 | 163 | ## ``output_engine`` is a callable 164 | ## 165 | ## This will change the output format of the generated changelog file 166 | ## 167 | ## Available choices are: 168 | ## 169 | ## - rest_py 170 | ## 171 | ## Legacy pure python engine, outputs ReSTructured text. 172 | ## This is the default. 173 | ## 174 | ## - mustache() 175 | ## 176 | ## Template name could be any of the available templates in 177 | ## ``templates/mustache/*.tpl``. 178 | ## Requires python package ``pystache``. 179 | ## Examples: 180 | ## - mustache("markdown") 181 | ## - mustache("restructuredtext") 182 | ## 183 | ## - makotemplate() 184 | ## 185 | ## Template name could be any of the available templates in 186 | ## ``templates/mako/*.tpl``. 187 | ## Requires python package ``mako``. 188 | ## Examples: 189 | ## - makotemplate("restructuredtext") 190 | ## 191 | #output_engine = rest_py 192 | #output_engine = mustache("restructuredtext") 193 | output_engine = mustache("markdown") 194 | #output_engine = makotemplate("restructuredtext") 195 | 196 | 197 | ## ``include_merge`` is a boolean 198 | ## 199 | ## This option tells git-log whether to include merge commits in the log. 200 | ## The default is to include them. 201 | include_merge = True 202 | 203 | 204 | ## ``log_encoding`` is a string identifier 205 | ## 206 | ## This option tells gitchangelog what encoding is outputed by ``git log``. 207 | ## The default is to be clever about it: it checks ``git config`` for 208 | ## ``i18n.logOutputEncoding``, and if not found will default to git's own 209 | ## default: ``utf-8``. 
210 | #log_encoding = 'utf-8' 211 | 212 | 213 | ## ``publish`` is a callable 214 | ## 215 | ## Sets what ``gitchangelog`` should do with the output generated by 216 | ## the output engine. ``publish`` is a callable taking one argument 217 | ## that is an interator on lines from the output engine. 218 | ## 219 | ## Some helper callable are provided: 220 | ## 221 | ## Available choices are: 222 | ## 223 | ## - stdout 224 | ## 225 | ## Outputs directly to standard output 226 | ## (This is the default) 227 | ## 228 | ## - FileInsertAtFirstRegexMatch(file, pattern, idx=lamda m: m.start()) 229 | ## 230 | ## Creates a callable that will parse given file for the given 231 | ## regex pattern and will insert the output in the file. 232 | ## ``idx`` is a callable that receive the matching object and 233 | ## must return a integer index point where to insert the 234 | ## the output in the file. Default is to return the position of 235 | ## the start of the matched string. 236 | ## 237 | ## - FileRegexSubst(file, pattern, replace, flags) 238 | ## 239 | ## Apply a replace inplace in the given file. Your regex pattern must 240 | ## take care of everything and might be more complex. Check the README 241 | ## for a complete copy-pastable example. 242 | ## 243 | # publish = FileInsertIntoFirstRegexMatch( 244 | # "CHANGELOG.rst", 245 | # r'/(?P[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/', 246 | # idx=lambda m: m.start(1) 247 | # ) 248 | #publish = stdout 249 | 250 | 251 | ## ``revs`` is a list of callable or a list of string 252 | ## 253 | ## callable will be called to resolve as strings and allow dynamical 254 | ## computation of these. The result will be used as revisions for 255 | ## gitchangelog (as if directly stated on the command line). This allows 256 | ## to filter exaclty which commits will be read by gitchangelog. 257 | ## 258 | ## To get a full documentation on the format of these strings, please 259 | ## refer to the ``git rev-list`` arguments. 
There are many examples. 260 | ## 261 | ## Using callables is especially useful, for instance, if you 262 | ## are using gitchangelog to generate incrementally your changelog. 263 | ## 264 | ## Some helpers are provided, you can use them:: 265 | ## 266 | ## - FileFirstRegexMatch(file, pattern): will return a callable that will 267 | ## return the first string match for the given pattern in the given file. 268 | ## If you use named sub-patterns in your regex pattern, it'll output only 269 | ## the string matching the regex pattern named "rev". 270 | ## 271 | ## - Caret(rev): will return the rev prefixed by a "^", which is a 272 | ## way to remove the given revision and all its ancestor. 273 | ## 274 | ## Please note that if you provide a rev-list on the command line, it'll 275 | ## replace this value (which will then be ignored). 276 | ## 277 | ## If empty, then ``gitchangelog`` will act as it had to generate a full 278 | ## changelog. 279 | ## 280 | ## The default is to use all commits to make the changelog. 
281 | #revs = ["^1.0.3", ] 282 | #revs = [ 283 | # Caret( 284 | # FileFirstRegexMatch( 285 | # "CHANGELOG.rst", 286 | # r"(?P[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n")), 287 | # "HEAD" 288 | #] 289 | revs = [] 290 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: test 2 | 3 | on: [push, pull_request] 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | strategy: 9 | matrix: 10 | python-version: ["3.9", "3.10"] 11 | 12 | steps: 13 | - uses: actions/checkout@v3 14 | - name: Set up Python ${{ matrix.python-version }} 15 | uses: actions/setup-python@v4 16 | with: 17 | python-version: ${{ matrix.python-version }} 18 | - name: Install dependencies 19 | working-directory: src 20 | run: | 21 | python -m pip install --upgrade pip 22 | pip install pytest pytest-asyncio 23 | pip install -r requirements.txt 24 | - name: Test with pytest 25 | working-directory: src 26 | run: | 27 | pytest 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # misp-guard 2 | `misp-guard` is a [mitmproxy](https://mitmproxy.org/) addon that inspects the synchronization traffic (via `PUSH` or `PULL`) between different MISP instances and applies a set of customizable rules defined in a JSON file. 3 | 4 | > **NOTE: By default this addon will block all outgoing HTTP requests that are not required during a MISP server sync. 
However, individual URLs or domains can be allowed if necessary.** 5 | 6 | ## PUSH 7 | ```mermaid 8 | sequenceDiagram 9 | participant MISP A 10 | participant MISP Guard 11 | participant MISP B 12 | 13 | rect rgb(191, 223, 255) 14 | note right of MISP A: PUSH Events 15 | 16 | MISP B->>MISP Guard: [GET]/servers/getVersion 17 | MISP Guard->>MISP A: [GET]/servers/getVersion 18 | MISP A->>MISP Guard: [GET]/servers/getVersion 19 | MISP Guard->>MISP B: [GET]/servers/getVersion 20 | 21 | MISP B->>MISP Guard: [HEAD]/events/view/[UUID] 22 | note right of MISP Guard: Only `minimal` search requests to /events/index are allowed 23 | MISP Guard->>MISP A: [HEAD]/events/view/[UUID] 24 | MISP A->>MISP Guard: [HEAD]/events/view/[UUID] 25 | MISP Guard->>MISP B: [HEAD]/events/view/[UUID] 26 | 27 | rect rgb(191, 223, 255) 28 | note left of MISP Guard: 404: If the event does not exists in MISP A 29 | MISP B->>+MISP Guard: [POST]/events/add 30 | note right of MISP Guard: Outgoing Event is inspected and rejected with 403 if any block rule matches 31 | MISP Guard->>-MISP A: [POST]/events/add 32 | MISP A->>MISP Guard: [POST]/events/add 33 | MISP Guard->>MISP B: [POST]/events/add 34 | end 35 | 36 | rect rgb(191, 223, 255) 37 | note left of MISP Guard: 200: If the event already exists in MISP A 38 | MISP B->>+MISP Guard: [POST]/events/edit/[UUID] 39 | note right of MISP Guard: Outgoing Event is inspected and rejected with 403 if any block rule matches 40 | MISP Guard->>-MISP A: [POST]/events/edit/[UUID] 41 | MISP A->>MISP Guard: [POST]/events/edit/[UUID] 42 | MISP Guard->>MISP B: [POST]/events/edit/[UUID] 43 | end 44 | end 45 | 46 | rect rgb(191, 223, 255) 47 | note right of MISP A: PUSH GalaxyClusters 48 | MISP B->>+MISP Guard: [POST]/galaxies/pushCluster 49 | note right of MISP Guard: Outgoing Galaxy Cluster is inspected and rejected with 403 if any block rule matches 50 | MISP Guard->>-MISP A: [POST]/galaxies/pushCluster 51 | MISP A->>MISP Guard: [POST]/galaxies/pushCluster 52 | MISP 
Guard->>MISP B: [POST]/galaxies/pushCluster 53 | end 54 | 55 | rect rgb(191, 223, 255) 56 | note right of MISP A: PUSH Sightings 57 | MISP B->>+MISP Guard: [POST]/sightings/bulkSaveSightings/[UUID] 58 | note right of MISP Guard: Outgoing Sightings are inspected and rejected with 403 if any block rule matches 59 | MISP Guard->>-MISP A: [POST]/sightings/bulkSaveSightings/[UUID] 60 | MISP A->>MISP Guard: [POST]/sightings/bulkSaveSightings/[UUID] 61 | MISP Guard->>MISP B: [POST]/sightings/bulkSaveSightings/[UUID] 62 | end 63 | 64 | rect rgb(191, 223, 255) 65 | note right of MISP A: PUSH AnalystData 66 | MISP B->>+MISP Guard: [POST]/analyst_data/filterAnalystDataForPush 67 | MISP A->>MISP Guard: [POST]/analyst_data/filterAnalystDataForPush 68 | MISP Guard->>MISP B: [POST]/analyst_data/filterAnalystDataForPush 69 | 70 | MISP B->>+MISP Guard: [POST]/analyst_data/pushAnalystData 71 | note right of MISP Guard: Outgoing Analyst Data is inspected and rejected with 403 if any block rule matches 72 | MISP Guard->>-MISP A: [POST]/analyst_data/pushAnalystData 73 | MISP A->>MISP Guard: [POST]/analyst_data/pushAnalystData 74 | MISP Guard->>MISP B: [POST]/analyst_data/pushAnalystData 75 | end 76 | ``` 77 | 78 | ## PULL 79 | ```mermaid 80 | sequenceDiagram 81 | participant MISP A 82 | participant MISP Guard 83 | participant MISP B 84 | 85 | rect rgb(191, 223, 255) 86 | note right of MISP A: PULL Events 87 | MISP A->>MISP Guard: [GET]/servers/getVersion 88 | MISP Guard->>MISP B: [GET]/servers/getVersion 89 | MISP B->>MISP Guard: [GET]/servers/getVersion 90 | MISP Guard->>MISP A: [GET]/servers/getVersion 91 | 92 | MISP A->>+MISP Guard: [POST]/events/index 93 | note right of MISP Guard: Only `minimal` search requests to /events/index are allowed 94 | MISP Guard->>-MISP B: [POST]/events/index 95 | MISP B->>MISP Guard: [POST]/events/index 96 | MISP Guard->>MISP A: [POST]/events/index 97 | 98 | MISP A->>MISP Guard: [GET]/events/view/[UUID] 99 | MISP Guard->>MISP B: [GET]/events/view/[UUID] 
100 | MISP B->>+MISP Guard: [GET]/events/view/[UUID] 101 | note right of MISP Guard: Incoming Event is inspected and rejected with 403 if any block rule matches 102 | MISP Guard->>-MISP A: [GET]/events/view/[UUID] 103 | end 104 | 105 | rect rgb(191, 223, 255) 106 | note right of MISP A: PULL ShadowAttributes 107 | MISP A->>MISP Guard: [GET]/shadow_attributes/index 108 | MISP Guard->>MISP B: [GET]/shadow_attributes/index 109 | MISP B->>+MISP Guard: [GET]/shadow_attributes/index 110 | note right of MISP Guard: Incoming Shadow Attributes are inspected and rejected with 403 if any block rule matches 111 | MISP Guard->>-MISP A: [GET]/shadow_attributes/index 112 | end 113 | 114 | rect rgb(191, 223, 255) 115 | note right of MISP A: GalaxyClusters 116 | MISP A->>+MISP Guard: [POST]/galaxy_clusters/restSearch 117 | note right of MISP Guard: Only `minimal` search requests to /galaxy_clusters/restSearch are allowed 118 | MISP Guard->>-MISP B: [POST]/galaxy_clusters/restSearch 119 | MISP B->>MISP Guard: [POST]/galaxy_clusters/restSearch 120 | MISP Guard->>MISP A: [POST]/galaxy_clusters/restSearch 121 | 122 | MISP A->>MISP Guard: [GET]/galaxy_clusters/view/[UUID] 123 | MISP Guard->>MISP B: [GET]/galaxy_clusters/view/[UUID] 124 | MISP B->>+MISP Guard: [GET]/galaxy_clusters/view/[UUID] 125 | note right of MISP Guard: Incoming Galaxy Cluster is inspected and rejected with 403 if any block rule matches 126 | MISP Guard->>-MISP A: [GET]/galaxy_clusters/view/[UUID] 127 | end 128 | 129 | rect rgb(191, 223, 255) 130 | note right of MISP A: PULL Sightings 131 | MISP A->>MISP Guard: [POST]/sightings/restSearch/event 132 | MISP Guard->>MISP B: [POST]/sightings/restSearch/event 133 | MISP B->>+MISP Guard: [POST]/sightings/restSearch/event 134 | note right of MISP Guard: Incoming Sightings are inspected and rejected with 403 if any block rule matches 135 | MISP Guard->>-MISP A: [POST]/sightings/restSearch/event 136 | end 137 | 138 | rect rgb(191, 223, 255) 139 | note right of MISP A: PULL 
AnalystData 140 | MISP A->>MISP Guard: [POST]/analyst_data/indexMinimal 141 | MISP Guard->>MISP B: [POST]/analyst_data/indexMinimal 142 | MISP B->>+MISP Guard: [POST]/analyst_data/indexMinimal 143 | MISP Guard->>-MISP A: [POST]/analyst_data/indexMinimal 144 | 145 | MISP A->>MISP Guard: [GET]/analyst_data/index/[Note|Opinion|Relationship]/uuid:[UUID].json 146 | MISP Guard->>MISP B: [GET]/analyst_data/index/[Note|Opinion|Relationship]/uuid:[UUID].json 147 | MISP B->>+MISP Guard: [GET]/analyst_data/index/[Note|Opinion|Relationship]/uuid:[UUID].json 148 | note right of MISP Guard: Incoming Analyst Data is inspected and rejected with 403 if any block rule matches 149 | MISP Guard->>-MISP A: [GET]/analyst_data/index/[Note|Opinion|Relationship]/uuid:[UUID].json 150 | end 151 | ``` 152 | 153 | 154 | 155 | 156 | > **NOTE:** The `MISP A` server needs to have the `misp-guard` hostname configured as the server hostname you are going to pull from, **not** the `MISP B` hostname. 157 | 158 | **Supported block rules:** 159 | * `compartments_rules`: A compartment can be interpreted as a VLAN where one or more MISP instances live; each compartment defines which other compartments it is allowed to sync with. 160 | * `taxonomies_rules`: 161 | * `required_taxonomies`: Taxonomies that have to be present in an event, otherwise it will be blocked. 162 | * `allowed_tags`: For each of the `required_taxonomies` a subset of allowed tags can be specified. 163 | * `blocked_tags`: Tags that cannot be present in any of the event entities. 164 | * `blocked_distribution_levels`: Blocks if the event/objects/attributes matches one of the blocked distribution levels. 165 | * `"0"`: Organisation Only 166 | * `"1"`: Community Only 167 | * `"2"`: Connected Communities 168 | * `"3"`: All Communities 169 | * `"4"`: Sharing Group 170 | * `"5"`: Inherit Event 171 | * `blocked_sharing_groups_uuids`: Blocks if the event/objects/attributes matches one of the blocked sharing group UUIDs. 
172 | * `blocked_attribute_types`: Blocks if the event contains an attribute matching one of these types. 173 | * `blocked_attribute_categories`: Blocks if the event contains an attribute matching one of these categories. 174 | * `blocked_object_types`: Blocks if the event contains an object matching one of these types. 175 | 176 | **Allowlist** 177 | 178 | * To allow individual URLs or domains, simply add them as a JSON array under the `allowlist` element. 179 | * `urls`: The entire URL is checked and only exact calls are allowed. 180 | * `domains`: In contrast, only the domain is checked, so any URL on that domain can be queried. Use this only if adding exact URLs is not possible. 181 | 182 | See sample config [here](src/test/test_config.json). 183 | 184 | ## Instructions 185 | 186 | ### Installation 187 | ```bash 188 | $ git clone https://github.com/MISP/misp-guard.git 189 | $ cd src/ 190 | $ pip install -r requirements.txt 191 | ``` 192 | 193 | ### Setup 194 | 195 | 1. Define your block rules in the `config.json` file. 196 | 2. Start mitmproxy with the `mispguard` addon: 197 | ``` 198 | $ mitmdump -s mispguard.py -p 8888 --certs *=cert.pem --set config=config.json 199 | Loading script mispguard.py 200 | MispGuard initialized 201 | Proxy server listening at *:8888 202 | ``` 203 | _Add `-k` to accept self-signed certificates. This switches off verification of the upstream MISP servers' TLS certificates, so where you can, trust their CA through mitmproxy's `ssl_verify_upstream_trusted_ca` option instead._ 204 | 205 | 3. Configure the proxy in your MISP instance by setting the MISP `Proxy.host` and `Proxy.port` settings accordingly. 206 | 207 | Done, outgoing MISP sync requests will be inspected and dropped according to the specified block rules. 208 | 209 | 210 | > NOTE: add `-v` to `mitmdump` to increase verbosity and display debug logs. 
211 | 212 | ### Testing 213 | ``` 214 | cd src/ 215 | pytest 216 | ``` -------------------------------------------------------------------------------- /src/.gitignore: -------------------------------------------------------------------------------- 1 | # Editors 2 | .vscode/ 3 | .idea/ 4 | 5 | # Vagrant 6 | .vagrant/ 7 | 8 | # Mac/OSX 9 | .DS_Store 10 | 11 | # Windows 12 | Thumbs.db 13 | 14 | # Source for the following rules: https://raw.githubusercontent.com/github/gitignore/master/Python.gitignore 15 | # Byte-compiled / optimized / DLL files 16 | __pycache__/ 17 | *.py[cod] 18 | *$py.class 19 | 20 | # C extensions 21 | *.so 22 | 23 | # Distribution / packaging 24 | .Python 25 | build/ 26 | develop-eggs/ 27 | dist/ 28 | downloads/ 29 | eggs/ 30 | .eggs/ 31 | lib/ 32 | lib64/ 33 | parts/ 34 | sdist/ 35 | var/ 36 | wheels/ 37 | *.egg-info/ 38 | .installed.cfg 39 | *.egg 40 | MANIFEST 41 | 42 | # PyInstaller 43 | # Usually these files are written by a python script from a template 44 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
45 | *.manifest 46 | *.spec 47 | 48 | # Installer logs 49 | pip-log.txt 50 | pip-delete-this-directory.txt 51 | 52 | # Unit test / coverage reports 53 | htmlcov/ 54 | .tox/ 55 | .nox/ 56 | .coverage 57 | .coverage.* 58 | .cache 59 | nosetests.xml 60 | coverage.xml 61 | *.cover 62 | .hypothesis/ 63 | .pytest_cache/ 64 | 65 | # Translations 66 | *.mo 67 | *.pot 68 | 69 | # Django stuff: 70 | *.log 71 | local_settings.py 72 | db.sqlite3 73 | 74 | # Flask stuff: 75 | instance/ 76 | .webassets-cache 77 | 78 | # Scrapy stuff: 79 | .scrapy 80 | 81 | # Sphinx documentation 82 | docs/_build/ 83 | 84 | # PyBuilder 85 | target/ 86 | 87 | # Jupyter Notebook 88 | .ipynb_checkpoints 89 | 90 | # IPython 91 | profile_default/ 92 | ipython_config.py 93 | 94 | # pyenv 95 | .python-version 96 | 97 | # celery beat schedule file 98 | celerybeat-schedule 99 | 100 | # SageMath parsed files 101 | *.sage.py 102 | 103 | # Environments 104 | .env 105 | .venv 106 | env/ 107 | venv/ 108 | ENV/ 109 | env.bak/ 110 | venv.bak/ 111 | 112 | # Spyder project settings 113 | .spyderproject 114 | .spyproject 115 | 116 | # Rope project settings 117 | .ropeproject 118 | 119 | # mkdocs documentation 120 | /site 121 | 122 | # mypy 123 | .mypy_cache/ 124 | .dmypy.json 125 | dmypy.json 126 | 127 | config.json 128 | 129 | # logs 130 | logs/* -------------------------------------------------------------------------------- /src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-guard/bad80c6602f96b838fd713953a58124ccd6e55a0/src/__init__.py -------------------------------------------------------------------------------- /src/config.json.dist: -------------------------------------------------------------------------------- 1 | { 2 | "allowlist": { 3 | "urls": [], 4 | "domains": [] 5 | }, 6 | "compartments_rules": { 7 | "can_reach": { 8 | "compartment_1": [ 9 | "compartment_1", 10 | "compartment_2" 11 | ], 12 | "compartment_2": 
[ 13 | "compartment_1", 14 | "compartment_2" 15 | ] 16 | } 17 | }, 18 | "instances": { 19 | "instance_1_1": { 20 | "ip": "10.0.0.1", 21 | "host": "instance1-comp1.com", 22 | "port": 443, 23 | "compartment_id": "compartment_1", 24 | "affiliation": "", 25 | "taxonomies_rules": { 26 | "required_taxonomies": [], 27 | "allowed_tags": {}, 28 | "blocked_tags": [] 29 | }, 30 | "blocked_distribution_levels": [], 31 | "blocked_sharing_groups_uuids": [], 32 | "blocked_attribute_types": [], 33 | "blocked_attribute_categories": [], 34 | "blocked_object_types": [] 35 | }, 36 | "instance_1_2": { 37 | "ip": "20.0.0.1", 38 | "host": "instance1-comp2.com", 39 | "port": 443, 40 | "compartment_id": "compartment_2", 41 | "affiliation": "", 42 | "taxonomies_rules": { 43 | "required_taxonomies": [], 44 | "allowed_tags": {}, 45 | "blocked_tags": [] 46 | }, 47 | "blocked_distribution_levels": [], 48 | "blocked_sharing_groups_uuids": [], 49 | "blocked_attribute_types": [], 50 | "blocked_attribute_categories": [], 51 | "blocked_object_types": [] 52 | } 53 | } 54 | } -------------------------------------------------------------------------------- /src/config.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema", 3 | "type": "object", 4 | "required": [ 5 | "allowlist", 6 | "compartments_rules", 7 | "instances" 8 | ], 9 | "properties": { 10 | "allowlist": { 11 | "type": "object", 12 | "properties": { 13 | "urls": { 14 | "type": "array", 15 | "items": { 16 | "type": "string", 17 | "format": "url" 18 | } 19 | }, 20 | "domains": { 21 | "type": "array", 22 | "items": { 23 | "type": "string", 24 | "format": "domain" 25 | } 26 | } 27 | } 28 | }, 29 | "compartments_rules": { 30 | "type": "object", 31 | "properties": { 32 | "can_reach": { 33 | "type": "object", 34 | "patternProperties": { 35 | "^[a-z0-9_]+$": { 36 | "type": "array", 37 | "items": { 38 | "type": "string", 39 | "pattern": "^[a-z0-9_]+$" 
40 | } 41 | } 42 | } 43 | } 44 | } 45 | }, 46 | "instances": { 47 | "type": "object", 48 | "patternProperties": { 49 | "^[a-z0-9_]+$": { 50 | "type": "object", 51 | "properties": { 52 | "ip": { 53 | "type": "string", 54 | "oneOf": [ 55 | { 56 | "format": "ipv4" 57 | }, 58 | { 59 | "format": "ipv6" 60 | } 61 | ] 62 | }, 63 | "host": { 64 | "type": "string", 65 | "format": "hostname" 66 | }, 67 | "port": { 68 | "type": "integer", 69 | "minimum": 1, 70 | "maximum": 65535 71 | }, 72 | "compartment_id": { 73 | "type": "string", 74 | "pattern": "^[a-z0-9_]+$" 75 | }, 76 | "affiliation": { 77 | "type": "string" 78 | }, 79 | "taxonomies_rules": { 80 | "type": "object", 81 | "properties": { 82 | "required_taxonomies": { 83 | "type": "array", 84 | "items": { 85 | "type": "string", 86 | "examples": [ 87 | "tlp" 88 | ] 89 | } 90 | }, 91 | "allowed_tags": { 92 | "type": "object", 93 | "patternProperties": { 94 | "^[a-z0-9_]+$": { 95 | "type": "array", 96 | "items": { 97 | "type": "string", 98 | "examples": [ 99 | "tlp:clear" 100 | ] 101 | } 102 | } 103 | } 104 | }, 105 | "blocked_tags": { 106 | "type": "array", 107 | "items": { 108 | "type": "string", 109 | "examples": [ 110 | "tlp:red" 111 | ] 112 | } 113 | } 114 | } 115 | }, 116 | "blocked_distribution_levels": { 117 | "type": "array", 118 | "items": { 119 | "type": "string", 120 | "enum": [ 121 | "0", 122 | "1", 123 | "2", 124 | "3", 125 | "4", 126 | "5" 127 | ] 128 | } 129 | }, 130 | "blocked_sharing_groups_uuids": { 131 | "type": "array", 132 | "items": { 133 | "type": "string", 134 | "format": "uuid" 135 | } 136 | }, 137 | "blocked_attribute_types": { 138 | "type": "array", 139 | "items": { 140 | "type": "string", 141 | "examples": [ 142 | "passport-number" 143 | ] 144 | } 145 | }, 146 | "blocked_attribute_categories": { 147 | "type": "array", 148 | "items": { 149 | "type": "string", 150 | "examples": [ 151 | "Person" 152 | ] 153 | } 154 | }, 155 | "blocked_object_types": { 156 | "type": "array", 157 | "items": { 158 | 
"type": "string", 159 | "examples": [ 160 | "person" 161 | ] 162 | } 163 | } 164 | }, 165 | "required": [ 166 | "ip", 167 | "host", 168 | "port", 169 | "compartment_id", 170 | "affiliation", 171 | "taxonomies_rules", 172 | "blocked_distribution_levels", 173 | "blocked_sharing_groups_uuids", 174 | "blocked_attribute_types", 175 | "blocked_attribute_categories", 176 | "blocked_object_types" 177 | ] 178 | } 179 | } 180 | } 181 | } 182 | } -------------------------------------------------------------------------------- /src/logging.yaml: -------------------------------------------------------------------------------- 1 | version: 1 2 | disable_existing_loggers: no 3 | formatters: 4 | simple: 5 | format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s" 6 | verbose: 7 | format: "%(asctime)s - %(name)s - %(levelname)s - %(funcName)s:%(lineno)d - %(message)s" 8 | handlers: 9 | console: 10 | class: logging.StreamHandler 11 | level: DEBUG 12 | formatter: verbose 13 | stream: ext://sys.stdout 14 | file: 15 | class: logging.handlers.TimedRotatingFileHandler 16 | level: INFO 17 | formatter: simple 18 | when: D 19 | backupCount: 5 20 | filename: ./logs/misp-guard.log 21 | loggers: 22 | root: 23 | level: INFO 24 | handlers: [console, file] 25 | -------------------------------------------------------------------------------- /src/logs/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-guard/bad80c6602f96b838fd713953a58124ccd6e55a0/src/logs/.gitkeep -------------------------------------------------------------------------------- /src/requirements.txt: -------------------------------------------------------------------------------- 1 | mitmproxy 2 | jsonschema 3 | jsonschema[format] 4 | pyyaml 5 | watchdog -------------------------------------------------------------------------------- /src/test/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MISP/misp-guard/bad80c6602f96b838fd713953a58124ccd6e55a0/src/test/__init__.py -------------------------------------------------------------------------------- /src/test/fixtures/empty.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_data_index_minimal_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Note": [ 3 | { 4 | "5352d149-7cb8-4b91-a403-b3428c4b9dae": "2025-01-08 10:37:00" 5 | } 6 | ], 7 | "Opinion": [ 8 | { 9 | "bc6992d6-1e38-402d-a319-b73c8de11ceb": "2025-01-08 10:37:00" 10 | } 11 | ], 12 | "Relationship": [ 13 | { 14 | "d8990433-bf3b-47ab-8263-eb15ff2bd0d4": "2025-01-08 10:37:00" 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_note_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Note": { 4 | "id": "1", 5 | "uuid": "6f847552-aaab-4378-aa5f-369c416822d1", 6 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 7 | "object_type": "Attribute", 8 | "authors": "john.doe@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | "created": "2024-10-04 08:09:39", 12 | "modified": "2024-10-04 08:09:39", 13 | "distribution": "0", 14 | "sharing_group_id": null, 15 | "locked": false, 16 | "note": "Ceci est une note", 17 | "language": "fr-BE", 18 | "note_type": 0, 19 | "note_type_name": "Note", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true 33 | } 34 | 
} 35 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_note_non-blocked.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Note": { 4 | "id": "1", 5 | "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d", 6 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 7 | "object_type": "Attribute", 8 | "authors": "john.doe@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | "created": "2024-10-04 08:09:39", 12 | "modified": "2024-10-04 08:09:39", 13 | "distribution": "1", 14 | "sharing_group_id": null, 15 | "locked": false, 16 | "note": "Ceci est une note", 17 | "language": "fr-BE", 18 | "note_type": 0, 19 | "note_type_name": "Note", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true 33 | } 34 | } 35 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_opinion_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Opinion": { 4 | "id": "1", 5 | "uuid": "9d9170c4-b9b8-4457-8f44-e5bbacc94367", 6 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 7 | "object_type": "Event", 8 | "authors": "john.doe@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | "created": "2024-10-04 08:09:47", 12 | "modified": "2024-10-04 08:09:47", 13 | "distribution": "0", 14 | "sharing_group_id": null, 15 | "locked": false, 16 | "opinion": "75", 17 | "comment": "This is an opinion", 18 | "note_type": 1, 19 | "note_type_name": "Opinion", 20 | "Org": { 21 | "id": 
"1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true 33 | } 34 | } 35 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_opinion_non-blocked.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Opinion": { 4 | "id": "1", 5 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 6 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 7 | "object_type": "Event", 8 | "authors": "john.doe@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | "created": "2024-10-04 08:09:47", 12 | "modified": "2024-10-04 08:09:47", 13 | "distribution": "1", 14 | "sharing_group_id": null, 15 | "locked": false, 16 | "opinion": "75", 17 | "comment": "This is an opinion", 18 | "note_type": 1, 19 | "note_type_name": "Opinion", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true 33 | } 34 | } 35 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_relationship_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Relationship": { 4 | "id": "1", 5 | "uuid": "8d96fbd5-2364-42e9-acca-4701bf794bfb", 6 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 7 | "object_type": "Attribute", 8 | "authors": "admin@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | 
"created": "2024-10-30 11:09:13", 12 | "modified": "2024-10-30 11:09:13", 13 | "distribution": "0", 14 | "sharing_group_id": null, 15 | "locked": false, 16 | "relationship_type": "Acquaintance", 17 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 18 | "related_object_type": "Event", 19 | "note_type": 2, 20 | "note_type_name": "Relationship", 21 | "Org": { 22 | "id": "1", 23 | "name": "HOST", 24 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 25 | "local": true 26 | }, 27 | "Orgc": { 28 | "id": "1", 29 | "name": "HOST", 30 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 31 | "local": true 32 | }, 33 | "_canEdit": true, 34 | "related_object": { 35 | "Event": { 36 | "id": "37", 37 | "org_id": "6", 38 | "date": "2022-03-24", 39 | "info": "Test Event", 40 | "user_id": "138", 41 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 42 | "published": true, 43 | "analysis": "1", 44 | "attribute_count": "11", 45 | "orgc_id": "2", 46 | "timestamp": "1730278463", 47 | "distribution": "3", 48 | "sharing_group_id": "0", 49 | "proposal_email_lock": false, 50 | "locked": true, 51 | "threat_level_id": "2", 52 | "publish_timestamp": "1730278489", 53 | "sighting_timestamp": "0", 54 | "disable_correlation": false, 55 | "extends_uuid": "", 56 | "protected": null 57 | } 58 | } 59 | } 60 | } 61 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_analyst_relationship_non-blocked.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Relationship": { 4 | "id": "1", 5 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 6 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 7 | "object_type": "Attribute", 8 | "authors": "admin@admin.test", 9 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 11 | "created": "2024-10-30 11:09:13", 12 | "modified": "2024-10-30 11:09:13", 13 | "distribution": "1", 14 | 
"sharing_group_id": null, 15 | "locked": false, 16 | "relationship_type": "Acquaintance", 17 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 18 | "related_object_type": "Event", 19 | "note_type": 2, 20 | "note_type_name": "Relationship", 21 | "Org": { 22 | "id": "1", 23 | "name": "HOST", 24 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 25 | "local": true 26 | }, 27 | "Orgc": { 28 | "id": "1", 29 | "name": "HOST", 30 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 31 | "local": true 32 | }, 33 | "_canEdit": true, 34 | "related_object": { 35 | "Event": { 36 | "id": "37", 37 | "org_id": "6", 38 | "date": "2022-03-24", 39 | "info": "Test Event", 40 | "user_id": "138", 41 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 42 | "published": true, 43 | "analysis": "1", 44 | "attribute_count": "11", 45 | "orgc_id": "2", 46 | "timestamp": "1730278463", 47 | "distribution": "3", 48 | "sharing_group_id": "0", 49 | "proposal_email_lock": false, 50 | "locked": true, 51 | "threat_level_id": "2", 52 | "publish_timestamp": "1730278489", 53 | "sighting_timestamp": "0", 54 | "disable_correlation": false, 55 | "extends_uuid": "", 56 | "protected": null 57 | } 58 | } 59 | } 60 | } 61 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_analyst_relationship_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 
21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "Relationship": [ 57 | { 58 | "id": "1", 59 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 60 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 61 | "object_type": "Attribute", 62 | "authors": "admin@admin.test", 63 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 64 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 65 | "created": "2024-10-30 11:09:13", 66 | "modified": "2024-10-30 11:09:13", 67 | "distribution": "0", 68 | "sharing_group_id": null, 69 | "locked": false, 70 | "relationship_type": "Acquaintance", 71 | "related_object_uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 72 | "related_object_type": "Attribute", 73 | "note_type": 2, 74 | "note_type_name": "Relationship", 75 | "Org": { 76 | "id": "1", 77 | "name": "HOST", 78 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 79 | "local": true 80 | }, 81 | "Orgc": { 82 | "id": "1", 83 | "name": "HOST", 84 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 85 | "local": true 86 | }, 87 | "_canEdit": true, 88 | "related_object": { 89 | "Attribute": { 90 | "id": "1", 91 | "type": "ip-src", 92 | "category": "Network activity", 93 | 
"to_ids": false, 94 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 95 | "event_id": "1", 96 | "distribution": "5", 97 | "timestamp": "1661956302", 98 | "comment": "", 99 | "sharing_group_id": "0", 100 | "deleted": false, 101 | "disable_correlation": false, 102 | "object_id": "0", 103 | "object_relation": null, 104 | "first_seen": null, 105 | "last_seen": null, 106 | "value": "2.2.2.2", 107 | "Galaxy": [], 108 | "ShadowAttribute": [] 109 | } 110 | } 111 | } 112 | ] 113 | } 114 | ], 115 | "ShadowAttribute": [], 116 | "RelatedEvent": [], 117 | "Galaxy": [], 118 | "Object": [], 119 | "EventReport": [], 120 | "CryptographicKey": [] 121 | } 122 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_category.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute category", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "last-name", 39 | "category": "Person", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": 
"1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "Doe", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [] 64 | } 65 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "0", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | 
"first_seen": null, 52 | "last_seen": null, 53 | "value": "2.2.2.2", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [] 64 | } 65 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_note_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "Note": [ 57 | { 58 | "id": "1", 59 | "uuid": 
"9c0e3e20-b1ea-4473-81d2-845c4399c36d", 60 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 61 | "object_type": "Attribute", 62 | "authors": "john.doe@admin.test", 63 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 64 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 65 | "created": "2024-10-04 08:09:39", 66 | "modified": "2024-10-04 08:09:39", 67 | "distribution": "0", 68 | "sharing_group_id": null, 69 | "locked": false, 70 | "note": "Ceci est une note", 71 | "language": "fr-BE", 72 | "note_type": 0, 73 | "note_type_name": "Note", 74 | "Org": { 75 | "id": "1", 76 | "name": "HOST", 77 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 78 | "local": true 79 | }, 80 | "Orgc": { 81 | "id": "1", 82 | "name": "HOST", 83 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 84 | "local": true 85 | }, 86 | "_canEdit": true 87 | } 88 | ] 89 | } 90 | ], 91 | "ShadowAttribute": [], 92 | "RelatedEvent": [], 93 | "Galaxy": [], 94 | "Object": [], 95 | "EventReport": [], 96 | "CryptographicKey": [] 97 | } 98 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_opinion_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 
28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "Opinion": [ 57 | { 58 | "id": "1", 59 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 60 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 61 | "object_type": "Event", 62 | "authors": "john.doe@admin.test", 63 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 64 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 65 | "created": "2024-10-04 08:09:47", 66 | "modified": "2024-10-04 08:09:47", 67 | "distribution": "0", 68 | "sharing_group_id": null, 69 | "locked": false, 70 | "opinion": "75", 71 | "comment": "This is an opinion", 72 | "note_type": 1, 73 | "note_type_name": "Opinion", 74 | "Org": { 75 | "id": "1", 76 | "name": "HOST", 77 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 78 | "local": true 79 | }, 80 | "Orgc": { 81 | "id": "1", 82 | "name": "HOST", 83 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 84 | "local": true 85 | }, 86 | "_canEdit": true 87 | } 88 | ] 89 | } 90 | ], 91 | "ShadowAttribute": [], 92 | "RelatedEvent": [], 93 | "Galaxy": [], 94 | "Object": [], 95 | "EventReport": [], 96 | "CryptographicKey": [] 97 | } 98 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 
| "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event sharing group", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "1", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "2.2.2.2", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "SharingGroup": { 57 | "id": "1", 58 | "name": "test_sharing_group", 59 | "releasability": "", 60 | "description": "", 61 | "uuid": "b9e656ba-b9c0-4506-83ed-7b54b43a57cb", 62 | "organisation_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 63 | "org_id": "1", 64 | "sync_user_id": "0", 65 | "active": true, 66 | "created": "2022-08-31 14:41:35", 67 | "modified": "2022-08-31 15:06:51", 68 | "local": true, 69 | "roaming": false, 70 | "Organisation": { 71 | "id": "1", 72 | "name": "test_org", 73 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595" 74 | } 75 | } 76 | } 77 | ], 78 | 
"ShadowAttribute": [], 79 | "RelatedEvent": [], 80 | "Galaxy": [], 81 | "Object": [], 82 | "EventReport": [], 83 | "CryptographicKey": [] 84 | } 85 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_tags.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "2.2.2.2", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "Tag": [ 57 | { 58 | "id": "1", 59 | "name": "tlp:red", 60 | "colour": "#FF0000" 61 | } 62 | ] 63 | } 64 | ], 65 | "ShadowAttribute": [], 66 | "RelatedEvent": [], 67 | "Galaxy": [], 68 | "Object": [], 69 | 
"EventReport": [], 70 | "CryptographicKey": [] 71 | } 72 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_attribute_type.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "passport-number", 39 | "category": "PersonV2", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "987654321", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [] 64 | } 65 | } -------------------------------------------------------------------------------- 
/src/test/fixtures/test_event_blocked_event_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "0", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [], 24 | "Org": { 25 | "id": "1", 26 | "name": "HOST", 27 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 28 | "local": true 29 | }, 30 | "Orgc": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Attribute": [ 37 | { 38 | "id": "1", 39 | "type": "ip-src", 40 | "category": "Network activity", 41 | "to_ids": false, 42 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 43 | "event_id": "1", 44 | "distribution": "5", 45 | "timestamp": "1661956302", 46 | "comment": "", 47 | "sharing_group_id": "0", 48 | "deleted": false, 49 | "disable_correlation": false, 50 | "object_id": "0", 51 | "object_relation": null, 52 | "first_seen": null, 53 | "last_seen": null, 54 | "value": "2.2.2.2", 55 | "Galaxy": [], 56 | "ShadowAttribute": [] 57 | } 58 | ], 59 | "ShadowAttribute": [], 60 | "RelatedEvent": [], 61 | "Galaxy": [], 62 | "Object": [], 63 | "EventReport": [], 64 | "CryptographicKey": [] 65 | } 66 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_event_report_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [], 24 | "Org": { 25 | "id": "1", 26 | "name": "HOST", 27 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 28 | "local": true 29 | }, 30 | "Orgc": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Attribute": [ 37 | { 38 | "id": "1", 39 | "type": "ip-src", 40 | "category": "Network activity", 41 | "to_ids": false, 42 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 43 | "event_id": "1", 44 | "distribution": "5", 45 | "timestamp": "1661956302", 46 | "comment": "", 47 | "sharing_group_id": "0", 48 | "deleted": false, 49 | "disable_correlation": false, 50 | "object_id": "0", 51 | "object_relation": null, 52 | "first_seen": null, 53 | "last_seen": null, 54 | "value": "2.2.2.2", 55 | "Galaxy": [], 56 | "ShadowAttribute": [] 57 | } 58 | ], 59 | "ShadowAttribute": [], 60 | "RelatedEvent": [], 61 | "Galaxy": [], 62 | "Object": [], 63 | "EventReport": [ 64 | { 65 | "id": "1", 66 | "uuid": "b3d17653-b27d-44f7-8267-04e4de8586c3", 67 | "event_id": "1", 68 | "name": "report", 69 | "content": "foobar", 70 | "distribution": "0", 71 | "sharing_group_id": "0", 72 | "timestamp": "1730798649", 73 | "deleted": false 74 | } 75 | ], 76 | "CryptographicKey": [] 77 | } 78 | } -------------------------------------------------------------------------------- 
/src/test/fixtures/test_event_blocked_object_analyst_relationship_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "1", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | 
"sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "Tag": [] 79 | } 80 | ], 81 | "Relationship": [ 82 | { 83 | "id": "1", 84 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 85 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 86 | "object_type": "Attribute", 87 | "authors": "admin@admin.test", 88 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 89 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 90 | "created": "2024-10-30 11:09:13", 91 | "modified": "2024-10-30 11:09:13", 92 | "distribution": "0", 93 | "sharing_group_id": null, 94 | "locked": false, 95 | "relationship_type": "Acquaintance", 96 | "related_object_uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 97 | "related_object_type": "Attribute", 98 | "note_type": 2, 99 | "note_type_name": "Relationship", 100 | "Org": { 101 | "id": "1", 102 | "name": "HOST", 103 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 104 | "local": true 105 | }, 106 | "Orgc": { 107 | "id": "1", 108 | "name": "HOST", 109 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 110 | "local": true 111 | }, 112 | "_canEdit": true, 113 | "related_object": { 114 | "Attribute": { 115 | "id": "1", 116 | "type": "ip-src", 117 | "category": "Network activity", 118 | "to_ids": false, 119 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 120 | "event_id": "1", 121 | "distribution": "5", 122 | "timestamp": "1661956302", 123 | "comment": "", 124 | "sharing_group_id": "0", 125 | "deleted": false, 126 | "disable_correlation": false, 127 | "object_id": "0", 128 | "object_relation": null, 129 | "first_seen": null, 130 | "last_seen": null, 131 | "value": "2.2.2.2", 132 | "Galaxy": [], 133 | "ShadowAttribute": [] 134 | } 135 | } 136 | } 137 | ] 138 | } 139 | ], 140 | "EventReport": [], 141 | "CryptographicKey": [] 142 | } 
143 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_attribute_category.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute category", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "person_v2", 43 | "meta-category": "misc", 44 | "description": "An object which describes a person or an identity.", 45 | "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", 46 | "template_version": "18", 47 | "event_id": "1", 48 | "uuid": "d4b22853-d3ca-43d2-9c19-46c4eb7082bc", 49 | "timestamp": "1662453827", 50 | "distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "last-name", 61 | "category": "Person", 62 | "to_ids": false, 63 | "uuid": "8bd8d8ee-e823-4a38-af83-a0fe518bf869", 64 | "event_id": "1", 65 | "distribution": "5", 66 | 
"timestamp": "1662453827", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "4", 72 | "object_relation": "last-name", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "Doe", 76 | "Galaxy": [], 77 | "ShadowAttribute": [] 78 | }, 79 | { 80 | "id": "2", 81 | "type": "first-name", 82 | "category": "Person", 83 | "to_ids": false, 84 | "uuid": "7f490078-ad86-4c7d-b16d-c4f73741aa84", 85 | "event_id": "1", 86 | "distribution": "5", 87 | "timestamp": "1662453827", 88 | "comment": "", 89 | "sharing_group_id": "0", 90 | "deleted": false, 91 | "disable_correlation": true, 92 | "object_id": "4", 93 | "object_relation": "first-name", 94 | "first_seen": null, 95 | "last_seen": null, 96 | "value": "John", 97 | "Galaxy": [], 98 | "ShadowAttribute": [] 99 | }, 100 | { 101 | "id": "3", 102 | "type": "passport-number", 103 | "category": "Person", 104 | "to_ids": false, 105 | "uuid": "bb936b88-30e1-4496-b265-b1c35b539df8", 106 | "event_id": "1", 107 | "distribution": "5", 108 | "timestamp": "1662453827", 109 | "comment": "", 110 | "sharing_group_id": "0", 111 | "deleted": false, 112 | "disable_correlation": false, 113 | "object_id": "4", 114 | "object_relation": "passport-number", 115 | "first_seen": null, 116 | "last_seen": null, 117 | "value": "987654321", 118 | "Galaxy": [], 119 | "ShadowAttribute": [] 120 | } 121 | ] 122 | } 123 | ], 124 | "EventReport": [], 125 | "CryptographicKey": [] 126 | } 127 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_attribute_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | 
"attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "0", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [] 78 | } 79 | ] 80 | } 81 | ], 82 | "EventReport": [], 83 | "CryptographicKey": [] 84 | } 85 | } 
-------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_attribute_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute sharing group", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 
| "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "1", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "SharingGroup": { 79 | "id": "1", 80 | "name": "test_sharing_group", 81 | "releasability": "", 82 | "description": "", 83 | "uuid": "b9e656ba-b9c0-4506-83ed-7b54b43a57cb", 84 | "organisation_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 85 | "org_id": "1", 86 | "sync_user_id": "0", 87 | "active": true, 88 | "created": "2022-08-31 14:41:35", 89 | "modified": "2022-08-31 15:06:51", 90 | "local": true, 91 | "roaming": false, 92 | "Organisation": { 93 | "id": "1", 94 | "name": "test_org", 95 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595" 96 | } 97 | } 98 | } 99 | ] 100 | } 101 | ], 102 | "EventReport": [], 103 | "CryptographicKey": [] 104 | } 105 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_attribute_tags.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": 
{ 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "Tag": [ 79 | { 80 | "id": "1", 81 | "name": "tlp:red", 82 | "colour": "#FF0000" 83 | } 84 | ] 85 | } 86 | ] 87 | } 88 | ], 89 | "EventReport": [], 90 | "CryptographicKey": [] 91 | } 92 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_attribute_type.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute type", 9 | "published": false, 10 | "uuid": 
"385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "person_v2", 43 | "meta-category": "misc", 44 | "description": "An object which describes a person or an identity.", 45 | "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", 46 | "template_version": "18", 47 | "event_id": "1", 48 | "uuid": "d4b22853-d3ca-43d2-9c19-46c4eb7082bc", 49 | "timestamp": "1662453827", 50 | "distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "last-name", 61 | "category": "Person_v2", 62 | "to_ids": false, 63 | "uuid": "8bd8d8ee-e823-4a38-af83-a0fe518bf869", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1662453827", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "4", 72 | "object_relation": "last-name", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "Doe", 76 | "Galaxy": [], 77 | "ShadowAttribute": [] 78 | }, 79 | { 80 | "id": "2", 81 | "type": "first-name", 82 | "category": "Person_v2", 83 | "to_ids": false, 84 | "uuid": 
"7f490078-ad86-4c7d-b16d-c4f73741aa84", 85 | "event_id": "1", 86 | "distribution": "5", 87 | "timestamp": "1662453827", 88 | "comment": "", 89 | "sharing_group_id": "0", 90 | "deleted": false, 91 | "disable_correlation": true, 92 | "object_id": "4", 93 | "object_relation": "first-name", 94 | "first_seen": null, 95 | "last_seen": null, 96 | "value": "John", 97 | "Galaxy": [], 98 | "ShadowAttribute": [] 99 | }, 100 | { 101 | "id": "3", 102 | "type": "passport-number", 103 | "category": "Person_v2", 104 | "to_ids": false, 105 | "uuid": "bb936b88-30e1-4496-b265-b1c35b539df8", 106 | "event_id": "1", 107 | "distribution": "5", 108 | "timestamp": "1662453827", 109 | "comment": "", 110 | "sharing_group_id": "0", 111 | "deleted": false, 112 | "disable_correlation": false, 113 | "object_id": "4", 114 | "object_relation": "passport-number", 115 | "first_seen": null, 116 | "last_seen": null, 117 | "value": "987654321", 118 | "Galaxy": [], 119 | "ShadowAttribute": [] 120 | } 121 | ] 122 | } 123 | ], 124 | "EventReport": [], 125 | "CryptographicKey": [] 126 | } 127 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": 
"10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "0", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "Tag": [ 79 | { 80 | "id": "1", 81 | "name": "tlp:red", 82 | "colour": "#FF0000" 83 | } 84 | ] 85 | } 86 | ] 87 | } 88 | ], 89 | "EventReport": [], 90 | "CryptographicKey": [] 91 | } 92 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_note_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked 
attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "1", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "Tag": [] 79 | } 80 | ], 81 | "Note": [ 82 | { 83 | 
"id": "1", 84 | "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d", 85 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 86 | "object_type": "Attribute", 87 | "authors": "john.doe@admin.test", 88 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 89 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 90 | "created": "2024-10-04 08:09:39", 91 | "modified": "2024-10-04 08:09:39", 92 | "distribution": "0", 93 | "sharing_group_id": null, 94 | "locked": false, 95 | "note": "Ceci est une note", 96 | "language": "fr-BE", 97 | "note_type": 0, 98 | "note_type_name": "Note", 99 | "Org": { 100 | "id": "1", 101 | "name": "HOST", 102 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 103 | "local": true 104 | }, 105 | "Orgc": { 106 | "id": "1", 107 | "name": "HOST", 108 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 109 | "local": true 110 | }, 111 | "_canEdit": true 112 | } 113 | ] 114 | } 115 | ], 116 | "EventReport": [], 117 | "CryptographicKey": [] 118 | } 119 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_opinion_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked attribute type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "1", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | 
"name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "1", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [], 78 | "Tag": [] 79 | } 80 | ], 81 | "Opinion": [ 82 | { 83 | "id": "1", 84 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 85 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 86 | "object_type": "Event", 87 | "authors": "john.doe@admin.test", 88 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 89 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 90 | "created": "2024-10-04 08:09:47", 91 | "modified": "2024-10-04 08:09:47", 92 | "distribution": "0", 93 | "sharing_group_id": null, 94 | "locked": false, 95 | "opinion": "75", 96 | "comment": "This is an opinion", 97 | "note_type": 1, 98 | "note_type_name": "Opinion", 99 | "Org": { 100 | "id": "1", 101 | "name": 
"HOST", 102 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 103 | "local": true 104 | }, 105 | "Orgc": { 106 | "id": "1", 107 | "name": "HOST", 108 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 109 | "local": true 110 | }, 111 | "_canEdit": true 112 | } 113 | ] 114 | } 115 | ], 116 | "EventReport": [], 117 | "CryptographicKey": [] 118 | } 119 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_shadow_attribute_type.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object attribute distribution", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "5", 51 
| "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "hostname", 61 | "category": "Network activity", 62 | "to_ids": true, 63 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1661956788", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "3", 72 | "object_relation": "hostname", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "example.com", 76 | "Galaxy": [], 77 | "ShadowAttribute": [ 78 | { 79 | "id": "2", 80 | "old_id": "1", 81 | "event_id": "1", 82 | "type": "passport-number", 83 | "category": "PersonV2", 84 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 85 | "to_ids": true, 86 | "comment": "", 87 | "org_id": "1", 88 | "timestamp": "1662472028", 89 | "first_seen": null, 90 | "last_seen": null, 91 | "value": "Doe", 92 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 93 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 94 | "event_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 95 | "Org": { 96 | "name": "HOST", 97 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 98 | "id": "1" 99 | } 100 | } 101 | ] 102 | } 103 | ] 104 | } 105 | ], 106 | "EventReport": [], 107 | "CryptographicKey": [] 108 | } 109 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object sharing group", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 
14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "5", 51 | "sharing_group_id": "1", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "SharingGroup": { 58 | "id": "1", 59 | "name": "test_sharing_group", 60 | "releasability": "", 61 | "description": "", 62 | "uuid": "b9e656ba-b9c0-4506-83ed-7b54b43a57cb", 63 | "organisation_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 64 | "org_id": "1", 65 | "sync_user_id": "0", 66 | "active": true, 67 | "created": "2022-08-31 14:41:35", 68 | "modified": "2022-08-31 15:06:51", 69 | "local": true, 70 | "roaming": false, 71 | "Organisation": { 72 | "id": "1", 73 | "name": "test_org", 74 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595" 75 | } 76 | }, 77 | "Attribute": [ 78 | { 79 | "id": "1", 80 | "type": "hostname", 81 | "category": "Network activity", 82 | "to_ids": true, 83 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 84 | "event_id": "1", 85 | "distribution": 
"5", 86 | "timestamp": "1661956788", 87 | "comment": "", 88 | "sharing_group_id": "0", 89 | "deleted": false, 90 | "disable_correlation": false, 91 | "object_id": "3", 92 | "object_relation": "hostname", 93 | "first_seen": null, 94 | "last_seen": null, 95 | "value": "example.com", 96 | "Galaxy": [], 97 | "ShadowAttribute": [] 98 | } 99 | ] 100 | } 101 | ], 102 | "EventReport": [], 103 | "CryptographicKey": [] 104 | } 105 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_object_type.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked object type", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "person", 43 | "meta-category": "misc", 44 | "description": "An object which describes a person or an identity.", 45 | "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", 46 | "template_version": "18", 47 | "event_id": "1", 48 | "uuid": "d4b22853-d3ca-43d2-9c19-46c4eb7082bc", 49 | "timestamp": "1662453827", 50 | 
"distribution": "5", 51 | "sharing_group_id": "0", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "Attribute": [ 58 | { 59 | "id": "1", 60 | "type": "last-name", 61 | "category": "Person2", 62 | "to_ids": false, 63 | "uuid": "8bd8d8ee-e823-4a38-af83-a0fe518bf869", 64 | "event_id": "1", 65 | "distribution": "5", 66 | "timestamp": "1662453827", 67 | "comment": "", 68 | "sharing_group_id": "0", 69 | "deleted": false, 70 | "disable_correlation": false, 71 | "object_id": "4", 72 | "object_relation": "last-name", 73 | "first_seen": null, 74 | "last_seen": null, 75 | "value": "Doe", 76 | "Galaxy": [], 77 | "ShadowAttribute": [] 78 | } 79 | ] 80 | } 81 | ], 82 | "EventReport": [], 83 | "CryptographicKey": [] 84 | } 85 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_required_allowed_tag.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked missing required allowed event tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [ 24 | { 25 | "id": "1", 26 | "name": "tlp:amber", 27 | "colour": "#FF0000" 28 | } 29 | ], 30 | "Org": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Orgc": { 37 | "id": "1", 38 | "name": "HOST", 39 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 
40 | "local": true 41 | }, 42 | "Attribute": [ 43 | { 44 | "id": "1", 45 | "type": "ip-src", 46 | "category": "Network activity", 47 | "to_ids": false, 48 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 49 | "event_id": "1", 50 | "distribution": "5", 51 | "timestamp": "1661956302", 52 | "comment": "", 53 | "sharing_group_id": "0", 54 | "deleted": false, 55 | "disable_correlation": false, 56 | "object_id": "0", 57 | "object_relation": null, 58 | "first_seen": null, 59 | "last_seen": null, 60 | "value": "2.2.2.2", 61 | "Galaxy": [], 62 | "ShadowAttribute": [] 63 | } 64 | ], 65 | "ShadowAttribute": [], 66 | "RelatedEvent": [], 67 | "Galaxy": [], 68 | "Object": [], 69 | "EventReport": [], 70 | "CryptographicKey": [] 71 | } 72 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_required_blocked_tag.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [ 24 | { 25 | "id": "1", 26 | "name": "tlp:rainbow", 27 | "colour": "#123456" 28 | } 29 | ], 30 | "Org": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Orgc": { 37 | "id": "1", 38 | "name": "HOST", 39 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 40 | "local": true 41 | }, 42 | "Attribute": [ 43 | { 44 | "id": "1", 45 | "type": 
"ip-src", 46 | "category": "Network activity", 47 | "to_ids": false, 48 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 49 | "event_id": "1", 50 | "distribution": "5", 51 | "timestamp": "1661956302", 52 | "comment": "", 53 | "sharing_group_id": "0", 54 | "deleted": false, 55 | "disable_correlation": false, 56 | "object_id": "0", 57 | "object_relation": null, 58 | "first_seen": null, 59 | "last_seen": null, 60 | "value": "2.2.2.2", 61 | "Galaxy": [], 62 | "ShadowAttribute": [] 63 | } 64 | ], 65 | "ShadowAttribute": [], 66 | "RelatedEvent": [], 67 | "Galaxy": [], 68 | "Object": [], 69 | "EventReport": [], 70 | "CryptographicKey": [] 71 | } 72 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_required_tag.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked missing required event tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [], 24 | "Org": { 25 | "id": "1", 26 | "name": "HOST", 27 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 28 | "local": true 29 | }, 30 | "Orgc": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Attribute": [ 37 | { 38 | "id": "1", 39 | "type": "ip-src", 40 | "category": "Network activity", 41 | "to_ids": false, 42 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 43 | "event_id": "1", 44 | "distribution": 
"5", 45 | "timestamp": "1661956302", 46 | "comment": "", 47 | "sharing_group_id": "0", 48 | "deleted": false, 49 | "disable_correlation": false, 50 | "object_id": "0", 51 | "object_relation": null, 52 | "first_seen": null, 53 | "last_seen": null, 54 | "value": "2.2.2.2", 55 | "Galaxy": [], 56 | "ShadowAttribute": [] 57 | } 58 | ], 59 | "ShadowAttribute": [], 60 | "RelatedEvent": [], 61 | "Galaxy": [], 62 | "Object": [], 63 | "EventReport": [], 64 | "CryptographicKey": [] 65 | } 66 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event sharing group", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "1", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "SharingGroup": { 24 | "id": "1", 25 | "name": "test_sharing_group", 26 | "releasability": "", 27 | "description": "", 28 | "uuid": "b9e656ba-b9c0-4506-83ed-7b54b43a57cb", 29 | "organisation_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "org_id": "1", 31 | "sync_user_id": "0", 32 | "active": true, 33 | "created": "2022-08-31 14:41:35", 34 | "modified": "2022-08-31 15:06:51", 35 | "local": true, 36 | "roaming": false, 37 | "Organisation": { 38 | "id": "1", 39 | "name": "test_org", 40 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595" 41 | } 42 | }, 43 | "Org": { 44 | "id": "1", 45 | "name": "HOST", 46 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 47 | 
"local": true 48 | }, 49 | "Orgc": { 50 | "id": "1", 51 | "name": "HOST", 52 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 53 | "local": true 54 | }, 55 | "Attribute": [ 56 | { 57 | "id": "1", 58 | "type": "ip-src", 59 | "category": "Network activity", 60 | "to_ids": false, 61 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 62 | "event_id": "1", 63 | "distribution": "5", 64 | "timestamp": "1661956302", 65 | "comment": "", 66 | "sharing_group_id": "0", 67 | "deleted": false, 68 | "disable_correlation": false, 69 | "object_id": "0", 70 | "object_relation": null, 71 | "first_seen": null, 72 | "last_seen": null, 73 | "value": "2.2.2.2", 74 | "Galaxy": [], 75 | "ShadowAttribute": [] 76 | } 77 | ], 78 | "ShadowAttribute": [], 79 | "RelatedEvent": [], 80 | "Galaxy": [], 81 | "Object": [], 82 | "EventReport": [], 83 | "CryptographicKey": [] 84 | } 85 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_blocked_tags.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event tag", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [ 24 | { 25 | "id": "1", 26 | "name": "tlp:red", 27 | "colour": "#FF0000" 28 | } 29 | ], 30 | "Org": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Orgc": { 37 | "id": "1", 38 | "name": "HOST", 39 | "uuid": 
"10c8f445-888b-4a2d-bac8-4e1e8861d595", 40 | "local": true 41 | }, 42 | "Attribute": [ 43 | { 44 | "id": "1", 45 | "type": "ip-src", 46 | "category": "Network activity", 47 | "to_ids": false, 48 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 49 | "event_id": "1", 50 | "distribution": "5", 51 | "timestamp": "1661956302", 52 | "comment": "", 53 | "sharing_group_id": "0", 54 | "deleted": false, 55 | "disable_correlation": false, 56 | "object_id": "0", 57 | "object_relation": null, 58 | "first_seen": null, 59 | "last_seen": null, 60 | "value": "2.2.2.2", 61 | "Galaxy": [], 62 | "ShadowAttribute": [] 63 | } 64 | ], 65 | "ShadowAttribute": [], 66 | "RelatedEvent": [], 67 | "Galaxy": [], 68 | "Object": [], 69 | "EventReport": [], 70 | "CryptographicKey": [] 71 | } 72 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "non-blocked", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": 
"e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [] 64 | } 65 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_non-blocked_required_allowed_tag.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "non-blocked", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Tag": [ 24 | { 25 | "id": "1", 26 | "name": "tlp:clear", 27 | "colour": "#FFFFFF" 28 | } 29 | ], 30 | "Org": { 31 | "id": "1", 32 | "name": "HOST", 33 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 34 | "local": true 35 | }, 36 | "Orgc": { 37 | "id": "1", 38 | "name": "HOST", 39 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 40 | "local": true 41 | }, 42 | "Attribute": [ 43 | { 44 | "id": "1", 45 | "type": "ip-src", 46 | "category": "Network activity", 47 | "to_ids": false, 48 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 49 | "event_id": "1", 50 | "distribution": "5", 51 
| "timestamp": "1661956302", 52 | "comment": "", 53 | "sharing_group_id": "0", 54 | "deleted": false, 55 | "disable_correlation": false, 56 | "object_id": "0", 57 | "object_relation": null, 58 | "first_seen": null, 59 | "last_seen": null, 60 | "value": "8.8.8.8", 61 | "Galaxy": [], 62 | "ShadowAttribute": [], 63 | "Tag": [ 64 | { 65 | "id": "1", 66 | "name": "tlp:clear", 67 | "colour": "#FFFFF" 68 | } 69 | ] 70 | } 71 | ], 72 | "ShadowAttribute": [], 73 | "RelatedEvent": [], 74 | "Galaxy": [], 75 | "Object": [], 76 | "EventReport": [], 77 | "CryptographicKey": [] 78 | } 79 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_note_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "non-blocked", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": 
false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [], 64 | "Note": [ 65 | { 66 | "id": "1", 67 | "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d", 68 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 69 | "object_type": "Attribute", 70 | "authors": "john.doe@admin.test", 71 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 72 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 73 | "created": "2024-10-04 08:09:39", 74 | "modified": "2024-10-04 08:09:39", 75 | "distribution": "0", 76 | "sharing_group_id": null, 77 | "locked": false, 78 | "note": "Ceci est une note", 79 | "language": "fr-BE", 80 | "note_type": 0, 81 | "note_type_name": "Note", 82 | "Org": { 83 | "id": "1", 84 | "name": "HOST", 85 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 86 | "local": true 87 | }, 88 | "Orgc": { 89 | "id": "1", 90 | "name": "HOST", 91 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 92 | "local": true 93 | }, 94 | "_canEdit": true 95 | } 96 | ] 97 | } 98 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_opinion_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "non-blocked", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | 
"disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [], 64 | "Opinion": [ 65 | { 66 | "id": "1", 67 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 68 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 69 | "object_type": "Event", 70 | "authors": "john.doe@admin.test", 71 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 72 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 73 | "created": "2024-10-04 08:09:47", 74 | "modified": "2024-10-04 08:09:47", 75 | "distribution": "0", 76 | "sharing_group_id": null, 77 | "locked": false, 78 | "opinion": "75", 79 | "comment": "This is an opinion", 80 | "note_type": 1, 81 | "note_type_name": "Opinion", 82 | "Org": { 83 | "id": "1", 84 | "name": "HOST", 85 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 86 | "local": true 87 | }, 88 | "Orgc": { 89 | "id": "1", 90 | "name": "HOST", 91 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 92 | "local": true 93 | }, 94 | "_canEdit": true 95 | } 96 | ] 97 
| } 98 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_relationship_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "non-blocked", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "5", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "0", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "8.8.8.8", 54 | "Galaxy": [], 55 | "ShadowAttribute": [] 56 | } 57 | ], 58 | "ShadowAttribute": [], 59 | "RelatedEvent": [], 60 | "Galaxy": [], 61 | "Object": [], 62 | "EventReport": [], 63 | "CryptographicKey": [], 64 | "Relationship": [ 65 | { 66 | "id": "1", 67 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 68 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 69 | "object_type": "Attribute", 70 
| "authors": "admin@admin.test", 71 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 72 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 73 | "created": "2024-10-30 11:09:13", 74 | "modified": "2024-10-30 11:09:13", 75 | "distribution": "0", 76 | "sharing_group_id": null, 77 | "locked": false, 78 | "relationship_type": "Acquaintance", 79 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 80 | "related_object_type": "Event", 81 | "note_type": 2, 82 | "note_type_name": "Relationship", 83 | "Org": { 84 | "id": "1", 85 | "name": "HOST", 86 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 87 | "local": true 88 | }, 89 | "Orgc": { 90 | "id": "1", 91 | "name": "HOST", 92 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 93 | "local": true 94 | }, 95 | "_canEdit": true, 96 | "related_object": { 97 | "Event": { 98 | "id": "37", 99 | "org_id": "6", 100 | "date": "2022-03-24", 101 | "info": "Test Event", 102 | "user_id": "138", 103 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 104 | "published": true, 105 | "analysis": "1", 106 | "attribute_count": "11", 107 | "orgc_id": "2", 108 | "timestamp": "1730278463", 109 | "distribution": "3", 110 | "sharing_group_id": "0", 111 | "proposal_email_lock": false, 112 | "locked": true, 113 | "threat_level_id": "2", 114 | "publish_timestamp": "1730278489", 115 | "sighting_timestamp": "0", 116 | "disable_correlation": false, 117 | "extends_uuid": "", 118 | "protected": null 119 | } 120 | } 121 | } 122 | ] 123 | } 124 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_xuserorguuid-attribute_blocked_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event with X-UserOrgUUID sharing group mismatch", 9 | "published": false, 10 | "uuid": 
"385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 25 | "name": "HOST", 26 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 33 | "local": true 34 | }, 35 | "Attribute": [ 36 | { 37 | "id": "1", 38 | "type": "ip-src", 39 | "category": "Network activity", 40 | "to_ids": false, 41 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 42 | "event_id": "1", 43 | "distribution": "4", 44 | "timestamp": "1661956302", 45 | "comment": "", 46 | "sharing_group_id": "1", 47 | "deleted": false, 48 | "disable_correlation": false, 49 | "object_id": "0", 50 | "object_relation": null, 51 | "first_seen": null, 52 | "last_seen": null, 53 | "value": "2.2.2.2", 54 | "Galaxy": [], 55 | "ShadowAttribute": [], 56 | "SharingGroup": { 57 | "id": "1", 58 | "name": "test_sharing_group", 59 | "releasability": "", 60 | "description": "", 61 | "uuid": "e5d5a2a7-d659-4022-8b59-6afa4b658fd5", 62 | "organisation_uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 63 | "org_id": "1", 64 | "sync_user_id": "0", 65 | "active": true, 66 | "created": "2022-08-31 14:41:35", 67 | "modified": "2022-08-31 15:06:51", 68 | "local": true, 69 | "roaming": false, 70 | "Organisation": { 71 | "id": "1", 72 | "name": "test_org", 73 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 74 | }, 75 | "SharingGroupOrg": [ 76 | { 77 | "id": "10", 78 | "sharing_group_id": "1", 79 | "org_id": "1", 80 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 81 | "extend": true, 82 | "Organisation": { 83 | "id": "1", 84 | "name": 
"test_org", 85 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 86 | } 87 | } 88 | ], 89 | "SharingGroupServer": [] 90 | } 91 | } 92 | ], 93 | "ShadowAttribute": [], 94 | "RelatedEvent": [], 95 | "Galaxy": [], 96 | "Object": [], 97 | "EventReport": [], 98 | "CryptographicKey": [] 99 | } 100 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_xuserorguuid-blocked_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event with X-UserOrgUUID sharing group mismatch", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "4", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "1", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "SharingGroup": { 24 | "id": "1", 25 | "name": "test_sharing_group", 26 | "releasability": "", 27 | "description": "", 28 | "uuid": "e5d5a2a7-d659-4022-8b59-6afa4b658fd5", 29 | "organisation_uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 30 | "org_id": "1", 31 | "sync_user_id": "0", 32 | "active": true, 33 | "created": "2022-08-31 14:41:35", 34 | "modified": "2022-08-31 15:06:51", 35 | "local": true, 36 | "roaming": false, 37 | "Organisation": { 38 | "id": "1", 39 | "name": "test_org", 40 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 41 | }, 42 | "SharingGroupOrg": [ 43 | { 44 | "id": "10", 45 | "sharing_group_id": "1", 46 | "org_id": "1", 47 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 48 | "extend": true, 49 | "Organisation": { 50 | "id": "1", 51 | "name": "test_org", 52 | "uuid": 
"87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 53 | } 54 | } 55 | ], 56 | "SharingGroupServer": [] 57 | }, 58 | "Org": { 59 | "id": "1", 60 | "name": "HOST", 61 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 62 | "local": true 63 | }, 64 | "Orgc": { 65 | "id": "1", 66 | "name": "HOST", 67 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 68 | "local": true 69 | }, 70 | "Attribute": [ 71 | { 72 | "id": "1", 73 | "type": "ip-src", 74 | "category": "Network activity", 75 | "to_ids": false, 76 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 77 | "event_id": "1", 78 | "distribution": "5", 79 | "timestamp": "1661956302", 80 | "comment": "", 81 | "sharing_group_id": "0", 82 | "deleted": false, 83 | "disable_correlation": false, 84 | "object_id": "0", 85 | "object_relation": null, 86 | "first_seen": null, 87 | "last_seen": null, 88 | "value": "2.2.2.2", 89 | "Galaxy": [], 90 | "ShadowAttribute": [] 91 | } 92 | ], 93 | "ShadowAttribute": [], 94 | "RelatedEvent": [], 95 | "Galaxy": [], 96 | "Object": [], 97 | "EventReport": [], 98 | "CryptographicKey": [] 99 | } 100 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_event_xuserorguuid-object-attribute_blocked_sharing_group.json: -------------------------------------------------------------------------------- 1 | { 2 | "Event": { 3 | "id": "1", 4 | "orgc_id": "1", 5 | "org_id": "1", 6 | "date": "2022-08-31", 7 | "threat_level_id": "1", 8 | "info": "blocked event with X-UserOrgUUID sharing group mismatch", 9 | "published": false, 10 | "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 11 | "attribute_count": "4", 12 | "analysis": "0", 13 | "timestamp": "1661956788", 14 | "distribution": "2", 15 | "proposal_email_lock": false, 16 | "locked": false, 17 | "publish_timestamp": "1661956380", 18 | "sharing_group_id": "0", 19 | "disable_correlation": false, 20 | "extends_uuid": "", 21 | "protected": null, 22 | "event_creator_email": "admin@admin.test", 23 | "Org": { 24 | "id": "1", 
25 | "name": "HOST", 26 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 27 | "local": true 28 | }, 29 | "Orgc": { 30 | "id": "1", 31 | "name": "HOST", 32 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 33 | "local": true 34 | }, 35 | "Attribute": [], 36 | "ShadowAttribute": [], 37 | "RelatedEvent": [], 38 | "Galaxy": [], 39 | "Object": [ 40 | { 41 | "id": "1", 42 | "name": "domain-ip", 43 | "meta-category": "network", 44 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 45 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 46 | "template_version": "10", 47 | "event_id": "1", 48 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 49 | "timestamp": "1661956788", 50 | "distribution": "4", 51 | "sharing_group_id": "1", 52 | "comment": "", 53 | "deleted": false, 54 | "first_seen": null, 55 | "last_seen": null, 56 | "ObjectReference": [], 57 | "SharingGroup": { 58 | "id": "1", 59 | "name": "test_sharing_group", 60 | "releasability": "", 61 | "description": "", 62 | "uuid": "e5d5a2a7-d659-4022-8b59-6afa4b658fd5", 63 | "organisation_uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 64 | "org_id": "1", 65 | "sync_user_id": "0", 66 | "active": true, 67 | "created": "2022-08-31 14:41:35", 68 | "modified": "2022-08-31 15:06:51", 69 | "local": true, 70 | "roaming": false, 71 | "Organisation": { 72 | "id": "1", 73 | "name": "test_org", 74 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 75 | }, 76 | "SharingGroupOrg": [ 77 | { 78 | "id": "10", 79 | "sharing_group_id": "1", 80 | "org_id": "1", 81 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a", 82 | "extend": true, 83 | "Organisation": { 84 | "id": "1", 85 | "name": "test_org", 86 | "uuid": "87c33ffe-f83c-4eb1-be09-51f767f6fd5a" 87 | } 88 | } 89 | ], 90 | "SharingGroupServer": [] 91 | }, 92 | "Attribute": [ 93 | { 94 | "id": "1", 95 | "type": "hostname", 96 | "category": "Network activity", 97 | "to_ids": true, 98 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 99 | 
"event_id": "1", 100 | "distribution": "5", 101 | "timestamp": "1661956788", 102 | "comment": "", 103 | "sharing_group_id": "0", 104 | "deleted": false, 105 | "disable_correlation": false, 106 | "object_id": "3", 107 | "object_relation": "hostname", 108 | "first_seen": null, 109 | "last_seen": null, 110 | "value": "example.com", 111 | "Galaxy": [], 112 | "ShadowAttribute": [], 113 | "Tag": [ 114 | { 115 | "id": "1", 116 | "name": "tlp:red", 117 | "colour": "#FF0000" 118 | } 119 | ] 120 | } 121 | ] 122 | } 123 | ], 124 | "EventReport": [], 125 | "CryptographicKey": [] 126 | } 127 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_filter_analyst_data_for_push_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Note": { 3 | "5352d149-7cb8-4b91-a403-b3428c4b9dae": "2025-01-08 10:37:00", 4 | "f8b4e5b2-6d6a-4ed5-9355-dc8666a08170": "2025-01-08 10:45:38", 5 | "5b3cd8cf-bfea-4d4d-811b-20c16a96334a": "2025-01-08 10:49:19" 6 | } 7 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_galaxy_cluster_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "GalaxyCluster": { 3 | "id": "1", 4 | "uuid": "8faab056-4212-4e80-8b54-b7eadec6b739", 5 | "collection_uuid": "", 6 | "type": "test-galaxy", 7 | "value": "test value", 8 | "tag_name": "", 9 | "description": "Test Galaxy Cluster", 10 | "galaxy_id": "1", 11 | "source": "", 12 | "authors": [], 13 | "version": "1", 14 | "distribution": "0", 15 | "sharing_group_id": null, 16 | "org_id": "1", 17 | "orgc_id": "1", 18 | "default": false, 19 | "locked": false, 20 | "extends_uuid": "57d4aa66-a73f-4c9e-aa3e-712b23fd6d9a", 21 | "extends_version": "1", 22 | "published": true, 23 | "deleted": false, 24 | "Galaxy": { 25 | "id": "1", 26 | "uuid": "c5f2dfb4-21a1-42d8-a452-1d3c36a204ff", 27 | "name": "Test Galaxy", 
28 | "type": "test-galaxy", 29 | "description": "Test Galaxy", 30 | "version": "1", 31 | "icon": "map", 32 | "namespace": "test-galaxy", 33 | "enabled": true, 34 | "local_only": false, 35 | "kill_chain_order": {} 36 | }, 37 | "GalaxyElement": [ 38 | { 39 | "id": "1", 40 | "galaxy_cluster_id": "1", 41 | "key": "test", 42 | "value": "element" 43 | } 44 | ], 45 | "GalaxyClusterRelation": [], 46 | "Org": { 47 | "id": "1", 48 | "name": "HOST", 49 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 50 | "local": true 51 | }, 52 | "Orgc": { 53 | "id": "1", 54 | "name": "HOST", 55 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 56 | "local": true 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_galaxy_cluster_non-blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "GalaxyCluster": { 3 | "id": "1", 4 | "uuid": "8faab056-4212-4e80-8b54-b7eadec6b739", 5 | "collection_uuid": "", 6 | "type": "test-galaxy", 7 | "value": "test value", 8 | "tag_name": "", 9 | "description": "Test Galaxy Cluster", 10 | "galaxy_id": "1", 11 | "source": "", 12 | "authors": [], 13 | "version": "1", 14 | "distribution": "3", 15 | "sharing_group_id": null, 16 | "org_id": "1", 17 | "orgc_id": "1", 18 | "default": false, 19 | "locked": false, 20 | "extends_uuid": "57d4aa66-a73f-4c9e-aa3e-712b23fd6d9a", 21 | "extends_version": "1", 22 | "published": true, 23 | "deleted": false, 24 | "Galaxy": { 25 | "id": "1", 26 | "uuid": "c5f2dfb4-21a1-42d8-a452-1d3c36a204ff", 27 | "name": "Test Galaxy", 28 | "type": "test-galaxy", 29 | "description": "Test Galaxy", 30 | "version": "1", 31 | "icon": "map", 32 | "namespace": "test-galaxy", 33 | "enabled": true, 34 | "local_only": false, 35 | "kill_chain_order": {} 36 | }, 37 | "GalaxyElement": [ 38 | { 39 | "id": "1", 40 | "galaxy_cluster_id": "1", 41 | "key": "test", 42 | "value": "element" 43 | } 44 | ], 45 | 
"GalaxyClusterRelation": [], 46 | "Org": { 47 | "id": "1", 48 | "name": "HOST", 49 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 50 | "local": true 51 | }, 52 | "Orgc": { 53 | "id": "1", 54 | "name": "HOST", 55 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 56 | "local": true 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_galaxy_clusters_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "GalaxyCluster": { 4 | "id": "1", 5 | "uuid": "8faab056-4212-4e80-8b54-b7eadec6b739", 6 | "collection_uuid": "", 7 | "type": "test-galaxy", 8 | "value": "test value", 9 | "tag_name": "", 10 | "description": "Test Galaxy Cluster", 11 | "galaxy_id": "1", 12 | "source": "", 13 | "authors": [], 14 | "version": "1", 15 | "distribution": "0", 16 | "sharing_group_id": null, 17 | "org_id": "1", 18 | "orgc_id": "1", 19 | "default": false, 20 | "locked": false, 21 | "extends_uuid": "57d4aa66-a73f-4c9e-aa3e-712b23fd6d9a", 22 | "extends_version": "1", 23 | "published": true, 24 | "deleted": false, 25 | "Galaxy": { 26 | "id": "1", 27 | "uuid": "c5f2dfb4-21a1-42d8-a452-1d3c36a204ff", 28 | "name": "Test Galaxy", 29 | "type": "test-galaxy", 30 | "description": "Test Galaxy", 31 | "version": "1", 32 | "icon": "map", 33 | "namespace": "test-galaxy", 34 | "enabled": true, 35 | "local_only": false, 36 | "kill_chain_order": {} 37 | }, 38 | "GalaxyElement": [ 39 | { 40 | "id": "1", 41 | "galaxy_cluster_id": "1", 42 | "key": "test", 43 | "value": "element" 44 | } 45 | ], 46 | "GalaxyClusterRelation": [], 47 | "Org": { 48 | "id": "1", 49 | "name": "HOST", 50 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 51 | "local": true 52 | }, 53 | "Orgc": { 54 | "id": "1", 55 | "name": "HOST", 56 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 57 | "local": true 58 | } 59 | } 60 | } 61 | ] 
-------------------------------------------------------------------------------- /src/test/fixtures/test_galaxy_clusters_non-blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "GalaxyCluster": { 4 | "id": "1", 5 | "uuid": "8faab056-4212-4e80-8b54-b7eadec6b739", 6 | "collection_uuid": "", 7 | "type": "test-galaxy", 8 | "value": "test value", 9 | "tag_name": "", 10 | "description": "Test Galaxy Cluster", 11 | "galaxy_id": "1", 12 | "source": "", 13 | "authors": [], 14 | "version": "1", 15 | "distribution": "3", 16 | "sharing_group_id": null, 17 | "org_id": "1", 18 | "orgc_id": "1", 19 | "default": false, 20 | "locked": false, 21 | "extends_uuid": "57d4aa66-a73f-4c9e-aa3e-712b23fd6d9a", 22 | "extends_version": "1", 23 | "published": true, 24 | "deleted": false, 25 | "Galaxy": { 26 | "id": "1", 27 | "uuid": "c5f2dfb4-21a1-42d8-a452-1d3c36a204ff", 28 | "name": "Test Galaxy", 29 | "type": "test-galaxy", 30 | "description": "Test Galaxy", 31 | "version": "1", 32 | "icon": "map", 33 | "namespace": "test-galaxy", 34 | "enabled": true, 35 | "local_only": false, 36 | "kill_chain_order": {} 37 | }, 38 | "GalaxyElement": [ 39 | { 40 | "id": "1", 41 | "galaxy_cluster_id": "1", 42 | "key": "test", 43 | "value": "element" 44 | } 45 | ], 46 | "GalaxyClusterRelation": [], 47 | "Org": { 48 | "id": "1", 49 | "name": "HOST", 50 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 51 | "local": true 52 | }, 53 | "Orgc": { 54 | "id": "1", 55 | "name": "HOST", 56 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 57 | "local": true 58 | } 59 | } 60 | } 61 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_invalid_config.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_note_blocked_distribution.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Note": { 3 | "id": "1", 4 | "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d", 5 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 6 | "object_type": "Attribute", 7 | "authors": "john.doe@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-04 08:09:39", 11 | "modified": "2024-10-04 08:09:39", 12 | "distribution": "0", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "note": "Ceci est une note", 16 | "language": "fr-BE", 17 | "note_type": 0, 18 | "note_type_name": "Note", 19 | "Org": { 20 | "id": "1", 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "local": true 24 | }, 25 | "Orgc": { 26 | "id": "1", 27 | "name": "HOST", 28 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 29 | "local": true 30 | }, 31 | "_canEdit": true 32 | } 33 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_note_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Note": { 3 | "id": "1", 4 | "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d", 5 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 6 | "object_type": "Attribute", 7 | "authors": "john.doe@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-04 08:09:39", 11 | "modified": "2024-10-04 08:09:39", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "note": "Ceci est une note", 16 | "language": "fr-BE", 17 | "note_type": 0, 18 | "note_type_name": "Note", 19 | "Org": { 20 | "id": "1", 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "local": true 24 | }, 25 | "Orgc": { 26 | "id": "1", 27 | "name": "HOST", 28 | "uuid": 
"10c8f445-888b-4a2d-bac8-4e1e8861d595", 29 | "local": true 30 | }, 31 | "_canEdit": true 32 | } 33 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_opinion_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Opinion": { 3 | "id": "1", 4 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 5 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 6 | "object_type": "Event", 7 | "authors": "john.doe@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-04 08:09:47", 11 | "modified": "2024-10-04 08:09:47", 12 | "distribution": "0", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "opinion": "75", 16 | "comment": "This is an opinion", 17 | "note_type": 1, 18 | "note_type_name": "Opinion", 19 | "Org": { 20 | "id": "1", 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "local": true 24 | }, 25 | "Orgc": { 26 | "id": "1", 27 | "name": "HOST", 28 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 29 | "local": true 30 | }, 31 | "_canEdit": true 32 | } 33 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_opinion_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Opinion": { 3 | "id": "1", 4 | "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c", 5 | "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8", 6 | "object_type": "Event", 7 | "authors": "john.doe@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-04 08:09:47", 11 | "modified": "2024-10-04 08:09:47", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "opinion": "75", 16 | "comment": "This is an 
opinion", 17 | "note_type": 1, 18 | "note_type_name": "Opinion", 19 | "Org": { 20 | "id": "1", 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "local": true 24 | }, 25 | "Orgc": { 26 | "id": "1", 27 | "name": "HOST", 28 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 29 | "local": true 30 | }, 31 | "_canEdit": true 32 | } 33 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_relationship_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Relationship": { 3 | "id": "1", 4 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 5 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 6 | "object_type": "Attribute", 7 | "authors": "admin@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-30 11:09:13", 11 | "modified": "2024-10-30 11:09:13", 12 | "distribution": "0", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "relationship_type": "Acquaintance", 16 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 17 | "related_object_type": "Event", 18 | "note_type": 2, 19 | "note_type_name": "Relationship", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true, 33 | "related_object": { 34 | "Event": { 35 | "id": "37", 36 | "org_id": "6", 37 | "date": "2022-03-24", 38 | "info": "Test Event", 39 | "user_id": "138", 40 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 41 | "published": true, 42 | "analysis": "1", 43 | "attribute_count": "11", 44 | "orgc_id": "2", 45 | "timestamp": "1730278463", 46 | "distribution": "3", 47 | "sharing_group_id": "0", 48 | 
"proposal_email_lock": false, 49 | "locked": true, 50 | "threat_level_id": "2", 51 | "publish_timestamp": "1730278489", 52 | "sighting_timestamp": "0", 53 | "disable_correlation": false, 54 | "extends_uuid": "", 55 | "protected": null 56 | } 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_relationship_blocked_related_attribute_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Relationship": { 3 | "id": "1", 4 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 5 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 6 | "object_type": "Attribute", 7 | "authors": "admin@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-30 11:09:13", 11 | "modified": "2024-10-30 11:09:13", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "relationship_type": "Acquaintance", 16 | "related_object_uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 17 | "related_object_type": "Attribute", 18 | "note_type": 2, 19 | "note_type_name": "Relationship", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true, 33 | "related_object": { 34 | "Attribute": { 35 | "id": "1", 36 | "type": "ip-src", 37 | "category": "Network activity", 38 | "to_ids": false, 39 | "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 40 | "event_id": "1", 41 | "distribution": "0", 42 | "timestamp": "1661956302", 43 | "comment": "", 44 | "sharing_group_id": "0", 45 | "deleted": false, 46 | "disable_correlation": false, 47 | "object_id": "0", 48 | "object_relation": null, 49 | "first_seen": null, 50 | "last_seen": null, 51 | 
"value": "2.2.2.2", 52 | "Galaxy": [], 53 | "ShadowAttribute": [] 54 | } 55 | } 56 | } 57 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_relationship_blocked_related_event_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Relationship": { 3 | "id": "1", 4 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 5 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 6 | "object_type": "Attribute", 7 | "authors": "admin@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-30 11:09:13", 11 | "modified": "2024-10-30 11:09:13", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "relationship_type": "Acquaintance", 16 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 17 | "related_object_type": "Event", 18 | "note_type": 2, 19 | "note_type_name": "Relationship", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true, 33 | "related_object": { 34 | "Event": { 35 | "id": "37", 36 | "org_id": "6", 37 | "date": "2022-03-24", 38 | "info": "Test Event", 39 | "user_id": "138", 40 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 41 | "published": true, 42 | "analysis": "1", 43 | "attribute_count": "11", 44 | "orgc_id": "2", 45 | "timestamp": "1730278463", 46 | "distribution": "0", 47 | "sharing_group_id": "0", 48 | "proposal_email_lock": false, 49 | "locked": true, 50 | "threat_level_id": "2", 51 | "publish_timestamp": "1730278489", 52 | "sighting_timestamp": "0", 53 | "disable_correlation": false, 54 | "extends_uuid": "", 55 | "protected": null 56 | } 57 | } 58 | } 59 | } 
-------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_relationship_blocked_related_object_distribution.json: -------------------------------------------------------------------------------- 1 | { 2 | "Relationship": { 3 | "id": "1", 4 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 5 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 6 | "object_type": "Attribute", 7 | "authors": "admin@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-30 11:09:13", 11 | "modified": "2024-10-30 11:09:13", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "relationship_type": "Acquaintance", 16 | "related_object_uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a", 17 | "related_object_type": "Object", 18 | "note_type": 2, 19 | "note_type_name": "Relationship", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true, 33 | "related_object": { 34 | "Object": { 35 | "id": "1", 36 | "name": "domain-ip", 37 | "meta-category": "network", 38 | "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", 39 | "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", 40 | "template_version": "10", 41 | "event_id": "1", 42 | "uuid": "feda50b8-c69c-4f5f-ae34-91b289e46799", 43 | "timestamp": "1661956788", 44 | "distribution": "0", 45 | "sharing_group_id": "0", 46 | "comment": "", 47 | "deleted": false, 48 | "first_seen": null, 49 | "last_seen": null, 50 | "ObjectReference": [], 51 | "Attribute": [ 52 | { 53 | "id": "1", 54 | "type": "hostname", 55 | "category": "Network activity", 56 | "to_ids": true, 57 | "uuid": 
"856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 58 | "event_id": "1", 59 | "distribution": "1", 60 | "timestamp": "1661956788", 61 | "comment": "", 62 | "sharing_group_id": "0", 63 | "deleted": false, 64 | "disable_correlation": false, 65 | "object_id": "3", 66 | "object_relation": "hostname", 67 | "first_seen": null, 68 | "last_seen": null, 69 | "value": "example.com", 70 | "Galaxy": [], 71 | "ShadowAttribute": [] 72 | } 73 | ] 74 | } 75 | } 76 | } 77 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_push_analyst_relationship_non-blocked.json: -------------------------------------------------------------------------------- 1 | { 2 | "Relationship": { 3 | "id": "1", 4 | "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9", 5 | "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd", 6 | "object_type": "Attribute", 7 | "authors": "admin@admin.test", 8 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 9 | "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 10 | "created": "2024-10-30 11:09:13", 11 | "modified": "2024-10-30 11:09:13", 12 | "distribution": "1", 13 | "sharing_group_id": null, 14 | "locked": false, 15 | "relationship_type": "Acquaintance", 16 | "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 17 | "related_object_type": "Event", 18 | "note_type": 2, 19 | "note_type_name": "Relationship", 20 | "Org": { 21 | "id": "1", 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "local": true 25 | }, 26 | "Orgc": { 27 | "id": "1", 28 | "name": "HOST", 29 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 30 | "local": true 31 | }, 32 | "_canEdit": true, 33 | "related_object": { 34 | "Event": { 35 | "id": "37", 36 | "org_id": "6", 37 | "date": "2022-03-24", 38 | "info": "Test Event", 39 | "user_id": "138", 40 | "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd", 41 | "published": true, 42 | "analysis": "1", 43 | "attribute_count": "11", 44 | "orgc_id": "2", 45 | "timestamp": 
"1730278463", 46 | "distribution": "3", 47 | "sharing_group_id": "0", 48 | "proposal_email_lock": false, 49 | "locked": true, 50 | "threat_level_id": "2", 51 | "publish_timestamp": "1730278489", 52 | "sighting_timestamp": "0", 53 | "disable_correlation": false, 54 | "extends_uuid": "", 55 | "protected": null 56 | } 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /src/test/fixtures/test_shadow_attributes_blocked_category.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ShadowAttribute": { 4 | "id": "2", 5 | "old_id": "1", 6 | "event_id": "1", 7 | "type": "last-name", 8 | "category": "Person", 9 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 10 | "to_ids": true, 11 | "comment": "", 12 | "org_id": "1", 13 | "timestamp": "1662472028", 14 | "first_seen": null, 15 | "last_seen": null, 16 | "value": "Doe", 17 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 18 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 19 | "event_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 20 | "Org": { 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "id": "1" 24 | } 25 | } 26 | } 27 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_shadow_attributes_blocked_distribution.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ShadowAttribute": { 4 | "id": "2", 5 | "old_id": "1", 6 | "event_id": "1", 7 | "type": "hostname", 8 | "category": "Network activity", 9 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 10 | "to_ids": true, 11 | "comment": "", 12 | "org_id": "1", 13 | "distribution": "0", 14 | "timestamp": "1662472028", 15 | "first_seen": null, 16 | "last_seen": null, 17 | "value": "example.com", 18 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 19 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 20 | "event_uuid": 
"385283a1-b5e0-4e10-a532-dce11c365a56", 21 | "Org": { 22 | "name": "HOST", 23 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 24 | "id": "1" 25 | } 26 | } 27 | } 28 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_shadow_attributes_blocked_sharing_group.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ShadowAttribute": { 4 | "id": "2", 5 | "old_id": "1", 6 | "event_id": "1", 7 | "type": "hostname", 8 | "category": "Network activity", 9 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 10 | "to_ids": true, 11 | "comment": "", 12 | "org_id": "1", 13 | "timestamp": "1662472028", 14 | "first_seen": null, 15 | "last_seen": null, 16 | "value": "example.com", 17 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 18 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 19 | "event_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 20 | "SharingGroup": { 21 | "id": "1", 22 | "name": "test_sharing_group", 23 | "releasability": "", 24 | "description": "", 25 | "uuid": "b9e656ba-b9c0-4506-83ed-7b54b43a57cb", 26 | "organisation_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 27 | "org_id": "1", 28 | "sync_user_id": "0", 29 | "active": true, 30 | "created": "2022-08-31 14:41:35", 31 | "modified": "2022-08-31 15:06:51", 32 | "local": true, 33 | "roaming": false, 34 | "Organisation": { 35 | "id": "1", 36 | "name": "test_org", 37 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595" 38 | } 39 | }, 40 | "Org": { 41 | "name": "HOST", 42 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 43 | "id": "1" 44 | } 45 | } 46 | } 47 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_shadow_attributes_blocked_tag.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ShadowAttribute": { 4 | "id": "2", 5 | "old_id": "1", 6 | "event_id": "1", 7 | "type": "hostname", 8 | "category": 
"Network activity", 9 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 10 | "to_ids": true, 11 | "comment": "", 12 | "org_id": "1", 13 | "timestamp": "1662472028", 14 | "first_seen": null, 15 | "last_seen": null, 16 | "value": "foobar.com", 17 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 18 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 19 | "event_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 20 | "Org": { 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "id": "1" 24 | }, 25 | "Tag": [ 26 | { 27 | "id": "1", 28 | "name": "tlp:red", 29 | "colour": "#FF0000" 30 | } 31 | ] 32 | } 33 | } 34 | ] -------------------------------------------------------------------------------- /src/test/fixtures/test_shadow_attributes_blocked_type.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ShadowAttribute": { 4 | "id": "2", 5 | "old_id": "1", 6 | "event_id": "1", 7 | "type": "passport-number", 8 | "category": "PersonV2", 9 | "uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 10 | "to_ids": true, 11 | "comment": "", 12 | "org_id": "1", 13 | "timestamp": "1662472028", 14 | "first_seen": null, 15 | "last_seen": null, 16 | "value": "987654321", 17 | "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 18 | "old_uuid": "856a3eed-aa55-4c73-bd1c-1ceadca5ca76", 19 | "event_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56", 20 | "Org": { 21 | "name": "HOST", 22 | "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595", 23 | "id": "1" 24 | } 25 | } 26 | } 27 | ] -------------------------------------------------------------------------------- /src/test/test_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "allowlist": { 3 | "urls": [ 4 | "http://www.dan.me.uk:443/torlist/?exit" 5 | ], 6 | "domains": [ 7 | "snort-org-site.s3.amazonaws.com" 8 | ] 9 | }, 10 | "compartments_rules": { 11 | "can_reach": { 12 | "compartment_1": [ 13 | "compartment_1", 14 | 
"compartment_2", 15 | "compartment_4" 16 | ], 17 | "compartment_2": [ 18 | "compartment_1", 19 | "compartment_2" 20 | ], 21 | "compartment_3": [ 22 | "compartment_1", 23 | "compartment_3" 24 | ], 25 | "compartment_4": [ 26 | "compartment_1", 27 | "compartment_2", 28 | "compartment_3", 29 | "compartment_4" 30 | ] 31 | } 32 | }, 33 | "instances": { 34 | "instance_1_1": { 35 | "ip": "10.0.0.1", 36 | "host": "instance1-comp1.com", 37 | "port": 443, 38 | "compartment_id": "compartment_1", 39 | "affiliation": "", 40 | "taxonomies_rules": { 41 | "required_taxonomies": [], 42 | "allowed_tags": {}, 43 | "blocked_tags": [ 44 | "tlp:red" 45 | ] 46 | }, 47 | "blocked_distribution_levels": [ 48 | "0" 49 | ], 50 | "blocked_sharing_groups_uuids": [ 51 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 52 | ], 53 | "blocked_attribute_types": [ 54 | "passport-number", 55 | "email" 56 | ], 57 | "blocked_attribute_categories": [ 58 | "Person" 59 | ], 60 | "blocked_object_types": [ 61 | "person" 62 | ] 63 | }, 64 | "instance_1_2": { 65 | "ip": "10.0.0.2", 66 | "host": "instance2-comp1.com", 67 | "port": 443, 68 | "compartment_id": "compartment_1", 69 | "affiliation": "", 70 | "taxonomies_rules": { 71 | "required_taxonomies": [], 72 | "allowed_tags": {}, 73 | "blocked_tags": [ 74 | "tlp:red" 75 | ] 76 | }, 77 | "blocked_distribution_levels": [ 78 | "0" 79 | ], 80 | "blocked_sharing_groups_uuids": [ 81 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 82 | ], 83 | "blocked_attribute_types": [ 84 | "passport-number", 85 | "email" 86 | ], 87 | "blocked_attribute_categories": [ 88 | "Person" 89 | ], 90 | "blocked_object_types": [ 91 | "person" 92 | ] 93 | }, 94 | "instance_2_1": { 95 | "ip": "20.0.0.1", 96 | "host": "instance1-comp2.com", 97 | "port": 443, 98 | "compartment_id": "compartment_2", 99 | "affiliation": "", 100 | "taxonomies_rules": { 101 | "required_taxonomies": [], 102 | "allowed_tags": {}, 103 | "blocked_tags": [ 104 | "tlp:red" 105 | ] 106 | }, 107 | "blocked_distribution_levels": [ 108 | "0" 
109 | ], 110 | "blocked_sharing_groups_uuids": [ 111 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 112 | ], 113 | "blocked_attribute_types": [ 114 | "passport-number", 115 | "email" 116 | ], 117 | "blocked_attribute_categories": [ 118 | "Person" 119 | ], 120 | "blocked_object_types": [ 121 | "person" 122 | ] 123 | }, 124 | "instance_2_2": { 125 | "ip": "20.0.0.2", 126 | "host": "instance2-comp2.com", 127 | "port": 443, 128 | "compartment_id": "compartment_2", 129 | "affiliation": "", 130 | "taxonomies_rules": { 131 | "required_taxonomies": [], 132 | "allowed_tags": {}, 133 | "blocked_tags": [ 134 | "tlp:red" 135 | ] 136 | }, 137 | "blocked_distribution_levels": [ 138 | "0" 139 | ], 140 | "blocked_sharing_groups_uuids": [ 141 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 142 | ], 143 | "blocked_attribute_types": [ 144 | "passport-number", 145 | "email" 146 | ], 147 | "blocked_attribute_categories": [ 148 | "Person" 149 | ], 150 | "blocked_object_types": [ 151 | "person" 152 | ] 153 | }, 154 | "instance_1_3": { 155 | "ip": "30.0.0.1", 156 | "host": "instance1-comp3.com", 157 | "port": 443, 158 | "compartment_id": "compartment_3", 159 | "affiliation": "", 160 | "taxonomies_rules": { 161 | "required_taxonomies": [], 162 | "allowed_tags": {}, 163 | "blocked_tags": [ 164 | "tlp:red" 165 | ] 166 | }, 167 | "blocked_distribution_levels": [ 168 | "0" 169 | ], 170 | "blocked_sharing_groups_uuids": [ 171 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 172 | ], 173 | "blocked_attribute_types": [ 174 | "passport-number", 175 | "email" 176 | ], 177 | "blocked_attribute_categories": [ 178 | "Person" 179 | ], 180 | "blocked_object_types": [ 181 | "person" 182 | ] 183 | }, 184 | "instance_1_4": { 185 | "ip": "40.0.0.1", 186 | "host": "instance1-comp4.com", 187 | "port": 443, 188 | "compartment_id": "compartment_4", 189 | "affiliation": "", 190 | "taxonomies_rules": { 191 | "required_taxonomies": [ 192 | "tlp" 193 | ], 194 | "allowed_tags": { 195 | "tlp": [ 196 | "tlp:clear", 197 | "tlp:white", 198 
| "tlp:green" 199 | ] 200 | }, 201 | "blocked_tags": [ 202 | "tlp:rainbow", 203 | "tlp:red" 204 | ] 205 | }, 206 | "blocked_distribution_levels": [ 207 | "0" 208 | ], 209 | "blocked_sharing_groups_uuids": [ 210 | "b9e656ba-b9c0-4506-83ed-7b54b43a57cb" 211 | ], 212 | "blocked_attribute_types": [ 213 | "passport-number", 214 | "email" 215 | ], 216 | "blocked_attribute_categories": [ 217 | "Person" 218 | ], 219 | "blocked_object_types": [ 220 | "person" 221 | ] 222 | } 223 | } 224 | } --------------------------------------------------------------------------------