├── .gitignore
├── CONTRIBUTING.rst
├── CONTRIBUTORS.txt
├── HISTORY.rst
├── LICENSE.rst
├── README.rst
├── docs
    ├── Makefile
    ├── __init__.py
    ├── architecture.rst
    ├── before_starting_to_develop.rst
    ├── conf.py
    ├── contributing.rst
    ├── history.rst
    ├── images
    │   ├── mantis_admin_iobject_type_file_example.PNG
    │   ├── mantis_admin_iobject_types.PNG
    │   ├── mantis_admin_overview.PNG
    │   ├── mantis_architecture.PNG
    │   ├── mantis_edit_saved_searches.PNG
    │   ├── mantis_edit_user_config.PNG
    │   ├── mantis_filter_infoobject_families.PNG
    │   ├── mantis_filter_infoobject_types.PNG
    │   ├── mantis_login.PNG
    │   ├── mantis_menus.png
    │   ├── mantis_search_several_results_ugly_gorilla.PNG
    │   ├── mantis_search_several_results_ugly_gorilla_view_one_result.PNG
    │   ├── mantis_search_single_result.PNG
    │   ├── mantis_view_infoobject_after_mandiant_import.PNG
    │   ├── mantis_view_infoobject_after_mandiant_import_appendix.PNG
    │   ├── mantis_view_infoobject_godocupload.PNG
    │   ├── mantis_view_infoobject_godocupload_openioc.PNG
    │   ├── mantis_view_infoobject_restricted_to_stix_packages.PNG
    │   ├── mantis_view_mandiant_report_toplevel.PNG
    │   ├── mantis_view_mandiant_report_ttp_htran.PNG
    │   ├── mantis_view_mandiant_report_ttp_htran_address.PNG
    │   └── mantis_view_mandiant_report_ttp_htran_json.PNG
    ├── index.rst
    ├── installation.rst
    ├── make.bat
    ├── mantis_app_layout.rst
    ├── mantis_developers_guide.rst
    ├── quickstart.rst
    ├── readme.rst
    ├── screenshots.rst
    ├── setting_up_a_development_environment.rst
    └── what_mantis_is.rst
├── manage.py
├── mantis
    ├── __init__.py
    ├── apps
    │   └── __init__.py
    ├── assets
    │   ├── css
    │   │   └── styles.css
    │   └── js
    │   │   └── scripts.js
    ├── menus.py
    ├── models.py
    ├── settings
    │   ├── __init__.py
    │   ├── base.py
    │   ├── local.py
    │   ├── local_psql.py
    │   ├── production.py
    │   └── testing.py
    ├── templates
    │   ├── 404.html
    │   ├── 500.html
    │   ├── base.html
    │   └── dingos
    │   │   └── grappelli
    │   │       └── base.html
    ├── urls.py
    └── wsgi.py
├── quickstart.rst
├── quickstart.sh
├── quickstart_examples
    └── markings
    │   └── minimal_marking.json
├── quickstart_psql.sh
├── requirements.txt
├── requirements
    ├── base.txt
    ├── local.txt
    ├── production.txt
    └── testing.txt
├── upgrade.sh
├── upgrade_psql.sh
└── vagrant
    └── README.txt

/.gitignore:
--------------------------------------------------------------------------------
*.py[cod]

# C extensions
*.so

# Packages
*.egg
*.egg-info
dist
build
eggs
parts
bin
var
sdist
develop-eggs
.installed.cfg
lib
lib64

# Installer logs
pip-log.txt

# Unit test / coverage reports
.coverage
.tox
nosetests.xml

# Translations
*.mo

# Mr Developer
.mr.developer.cfg
.project
.pydevproject

# Complexity
output/*.html
output/*/index.html

# Sphinx
docs/_build

# Cookiecutter
output/

# Emacs
\#*#
*~

--------------------------------------------------------------------------------
/CONTRIBUTING.rst:
--------------------------------------------------------------------------------
============
Contributing
============

Contributions are welcome, and they are greatly appreciated! Every
little bit helps, and credit will always be given.

You can contribute in many ways:

Types of Contributions
----------------------

Report Bugs
~~~~~~~~~~~

MANTIS encompasses a number of components.
For the following base components, please
report issues at the central issue tracker for the whole Django MANTIS framework
at https://github.com/siemens/django-mantis/issues :

* https://github.com/siemens/django-mantis
* https://github.com/siemens/django-dingos
* https://github.com/siemens/django-mantis-core
* https://github.com/siemens/django-mantis-openioc-importer
* https://github.com/siemens/django-mantis-stix-importer
* https://github.com/siemens/django-mantis-iodef-importer

If you are reporting a bug, please include:

* Your operating system name and version.
* Any details about your local setup that might be helpful in troubleshooting.
* Detailed steps to reproduce the bug.

Fix Bugs
~~~~~~~~

Look through the GitHub issues for bugs. Anything tagged with "bug"
is open to whoever wants to implement it.

Implement Features
~~~~~~~~~~~~~~~~~~

Look through the GitHub issues for features. Anything tagged with "feature"
is open to whoever wants to implement it.

Write Documentation
~~~~~~~~~~~~~~~~~~~

Djangos could always use more documentation, whether as part of the
official Djangos docs, in docstrings, or even on the web in blog posts,
articles, and such.

Submit Feedback
~~~~~~~~~~~~~~~

The best way to send feedback is to file an issue at https://github.com/siemens/django-mantis/issues.

If you are proposing a feature:

* Explain in detail how it would work.
* Keep the scope as narrow as possible, to make it easier to implement.
* Remember that this is a volunteer-driven project, and that contributions
  are welcome :)

Get Started!
------------

In your contribution, you may want to either modify/add to existing code
or create a new Django application that interacts with the existing
applications that are part of the Mantis framework.

MANTIS profited a lot from the advice provided in `Two Scoops of Django`_.
Unless you are an absolute Django expert (and maybe even then), please
read Daniel Greenfeld's and Audrey Roy's excellent `Two Scoops of Django`_.
Even though it provides best practices for Django 1.5, most of its
advice is also valid for Django 1.6, and likely to be very relevant
for quite a few minor revisions to come.


Modifying/adding to existing code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here's how to set up a repository for local development.

1. Fork the relevant repository on GitHub.
2. Clone your fork locally::

    $ git clone git@github.com:your_name_here/.git

3. Install your local copy into a virtualenv. Assuming you have virtualenvwrapper installed, this is how you set up your fork for local development::

    $ mkvirtualenv
    $ cd
    $ python setup.py develop

4. Create a branch for local development::

    $ git checkout -b name-of-your-bugfix-or-feature

   Now you can make your changes locally.

5. Commit your changes and push your branch to GitHub::

    $ git add .
    $ git commit -m "Your detailed description of your changes."
    $ git push origin name-of-your-bugfix-or-feature

6. Submit a pull request through the GitHub website.

Writing your own Django application
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do yourself a favor and set up the directory structure of your
Django application in the right way from the very start.
The easiest way to do so is to use Daniel Greenfeld's `cookiecutter-djangopackage`_ template
(which uses Audrey Roy's excellent `Cookiecutter`_ for creating the directories): this
layout has a very sensible directory structure with out-of-the-box configuration of ``setup.py`` for
easy build, submission to PyPI, etc., as well as the start of a Sphinx documentation tree.
Once you have the directory structure created, initialize a fresh git repository with it
and get to work...


.. _Cookiecutter: https://github.com/audreyr/cookiecutter


.. _cookiecutter-djangopackage: https://github.com/pydanny/cookiecutter-djangopackage



Pull Request Guidelines
-----------------------

Before you submit a pull request, check that it meets these guidelines:

1. The pull request should include tests.
2. If the pull request adds functionality, the docs should be updated. Put
   your new functionality into a function with a docstring, and add the
   feature to the list in README.rst.
3. The pull request should work for Python 2.7.


.. _Two Scoops of Django: https://django.2scoops.org/

--------------------------------------------------------------------------------
/CONTRIBUTORS.txt:
--------------------------------------------------------------------------------
Daniel Greenfeld
Marco Fucci

--------------------------------------------------------------------------------
/HISTORY.rst:
--------------------------------------------------------------------------------
.. :changelog:

History
-------

0.2.1 (2014-03-06)
++++++++++++++++++

* Changed dependencies for Mantis components

  * Mantis now requires DINGOS in version 0.2.1.
    The differences to 0.2.0 are as follows:

    * Bugfixes

      * *CRITICAL* Remediation of painfully slow import for systems with lots of imported data

        An ill-formed query led to extremely slow import of new data in systems
        that already have lots of data inside. This bug has been fixed.

      * Problem in link to InfoObjects in which a certain fact can be found on Unique Search Page fixed

        The link was faulty in that it carried a '&page=...' parameter that needed to be removed.

      * Long repetitions of '_' in a string led to the HTML display spilling over, because '_' was
        not regarded as a place to insert a possible line break. This has been changed.

    * New/Modified views

      * View for listing *all* InfoObjects, also those used internally by DINGOS
        for bookkeeping (e.g., user preferences). The view is restricted to
        Django-superusers.

    * New/Modified command-line commands

      * In 'dingos_manage_user_settings', added the ability to overwrite settings for 'ALL'
        users.


0.2.0 (2014-02-26)
++++++++++++++++++

* Changed dependencies for Mantis components

  * Mantis now requires DINGOS in version 0.2.0. The differences to 0.1.0 are as follows:

    * New base functionality

      * Added framework for managing user-specific data (user configurations,
        saved searches, etc.) and querying user-specific data in templates and views.

      * Added tracking of namespace information per component of a fact term

    * New/Modified views

      * Modifications to all views

        * Added possibility to switch between horizontal and vertical layout ...
          or have automatic adjustment of the layout depending on screen width.

      * Modifications to filter views

        * Modified date-picker in filters to enable addition of timespans without
          changing saved searches or messing up order of timespans

        * Added several further filter criteria in InfoObject filter

      * Added view with basic and still rather restricted editing capabilities for
        InfoObjects -- currently only used for editing user preferences or
        edits by the superuser

      * Added view to edit user configuration

      * Added view to edit saved searches

      * Added per-column ordering to list views

      * Added new filter/search that shows unique Facts rather than all
        InfoObjects containing a certain fact.

    * New/added capabilities for writing views

      * Added framework for ordering list views

      * Added per-user configuration for:

        * layout (horizontal vs. vertical)

        * number of rows to show in list views

        * number of rows to show in widget displaying objects in which a
          displayed object is embedded

    * Bug fixes / Improvements

      * Generation of filter views became unbearably slow when many
        (> 40,000) InfoObjects are in the system. This was because
        of a badly built query within the dynamically built filter
        form. This has been fixed.

      * Further development of JSON export (still needs work to make
        the to_dict function of InfoObjects generic and configurable such as
        the from_dict function)

      * Fixed bug in generation of InfoObjects: when a placeholder for a given
        ID already existed, it was not reliably found.

    * New/Modified command-line commands

      * Import command now fails gracefully if import of a file
        throws an exception: it continues with import of the next file.

      * Added command line arguments to basic import command:

        * ability to add IDs of marking objects to be added to imported objects

        * ability to automatically move imported XML files to other folder after
          import

      * Added command to reset user-settings and saved searches for a given user.

      * Added command to re-calculate object names.

        This is useful to run right after an import, recalculating the
        names of 'Observable' InfoObjects created in the past few minutes. Thus, the
        problem that those Observables that are to be named after the (single)
        object they contain do not carry a proper name (because at creation time
        of the Observable, the Object usually does not exist yet) can be fixed.

  * Mantis now requires the Mantis-Core in version 0.2.0.
    The differences to 0.1.0 are as follows:

    * Added corresponding abstract model classes for
      models introduced in DINGOS 0.2.0.

  * Mantis now requires the STIX/CybOX Importer in version 0.2.0.
    The differences to 0.1.0 are as follows:

    * Added ability to generate identifier for top-level element
      (usually a STIX_Package) if an identifier for that element is
      missing: if a default namespace has been defined, then
      an identifier is generated by taking the MD5-hash of the
      xml file.

    * Markings present in STIX_Package are read out and attached
      to all InfoObjects generated from the STIX_Package.

      Note: Mantis currently does not interpret the XPATH expression
      that specifies the scope of the marking (which is not much
      of an issue, since it seems that the feature to restrict
      the scope of a marking is not much used at the moment).

    * Timestamp present in `STIX_Header/Information_Source/Time/Produced_Time`
      is read.

    * Added a command-line argument to add a default-timestamp to the STIX import
      command.

    * Bug fixes:

      * Attributes other than `id` and `idref` that contained a namespace were not
        handled correctly. The handler function `attr_with_namespace_handler`
        fixes this.

      * In `0.1.0`, the `xsi:type` attribute was not recorded, because in most cases,
        its information is used for determining the data type of elements and
        InfoObjects. But there are cases, e.g., in Markings, where this is not the
        case. For these cases, the `xsi:type` attribute is kept in the InfoObject.

      * Family revision info was not recorded; this has been fixed.

  * Mantis now requires the OpenIOC Importer in version 0.2.0.
    The differences to 0.1.0 are as follows:

    * Fixed bug in import of timestamp.



0.1.0 (2013-12-19)
++++++++++++++++++

* Initial release


--------------------------------------------------------------------------------
/LICENSE.rst:
--------------------------------------------------------------------------------
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it.
(Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. 
We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. 
You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 
113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. 
You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 
165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. 
If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. 
If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 
292 | 293 | <one line to give the program's name and a brief idea of what it does.> 294 | Copyright (C) <year> <name of author> 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 | 332 | <signature of Ty Coon>, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ========================================================= 2 | The MANTIS Cyber Threat Intelligence Management Framework 3 | ========================================================= 4 | 5 | **WARNING: Mantis is not maintained anymore: by now, the excellent MISP platform 6 | (http://www.misp-project.org/) 7 | offers all the functionality (and much more) that had been required when 8 | MANTIS was created but could then not be found in any other tool.** 9 | 10 | 11 | 12 | The MANTIS (Model-based Analysis of Threat Intelligence Sources) Framework consists 13 | of several `Django`_ Apps that, in combination, support the management 14 | of cyber threat intelligence expressed in standards such as `STIX`_, `CybOX`_, 15 | `OpenIOC`_, `IODEF (RFC 5070)`_, etc. 16 | 17 | The heavy lifting is done in the following Django Apps: 18 | 19 | - `django-dingos`_ 20 | - `django-mantis-core`_ 21 | - `django-mantis-stix-importer`_ 22 | - `django-mantis-openioc-importer`_ 23 | - `django-mantis-iodef-importer`_ 24 | - django-mantis-taxii (under development) 25 | 26 | This project ``django-mantis`` provides a template Django Project that shows how these Django Apps can 27 | be used as basis for your own MANTIS-based Cyber-Threat Intelligence Management system.
28 | 29 | Important resources: 30 | 31 | * Access to the Mantis source code for installation: 32 | 33 | * Either via ``git clone`` from the `Mantis Github Repository`_ (recommended):: 34 | 35 | git clone https://github.com/siemens/django-mantis.git 36 | 37 | * Or via download as ``zip`` package from https://github.com/siemens/django-mantis/archive/master.zip 38 | 39 | 40 | * There is a mailing list for discussions, questions, etc.: 41 | 42 | * Subscribe to the mailing list by sending a mail to ``Mantis-ti-discussion-join@lists.trusted-introducer.org``. 43 | 44 | * The archives of the mailing list are available via `Nabble`_. 45 | 46 | Many thanks to the `TF-CSIRT Trusted Introducer`_ for their support in hosting 47 | the list! 48 | 49 | * All issues regarding Mantis and its components are tracked 50 | on the `Mantis Issue Tracker`_. 51 | 52 | * Documentation: the full documentation is at http://django-mantis.readthedocs.org. 53 | 54 | 55 | Acknowledgments 56 | --------------- 57 | 58 | 59 | The basic layout for this Django project with extremely useful base settings and very sensible directory layout 60 | was generated with Audrey Roy's excellent `Cookiecutter`_ and Marco Fucci's `cookiecutter-simple-django`_ template. 61 | 62 | .. _TF-CSIRT Trusted Introducer: http://www.trusted-introducer.org/ 63 | 64 | .. _Nabble: http://mantis-threat-intelligence-management-framework-discussion-list.57317.x6.nabble.com/ 65 | 66 | .. _Cookiecutter: https://github.com/audreyr/cookiecutter 67 | 68 | .. _cookiecutter-simple-django: https://github.com/marcofucci/cookiecutter-simple-django 69 | 70 | .. _Django: https://www.djangoproject.com/ 71 | .. _STIX: http://stix.mitre.org/ 72 | .. _CybOX: http://cybox.mitre.org/ 73 | .. _OpenIOC: http://www.openioc.org/ 74 | .. _IODEF (RFC 5070): http://www.ietf.org/rfc/rfc5070.txt 75 | 76 | .. _django-dingos: https://github.com/siemens/django-dingos/blob/master/docs/what_dingos_is_all_about.rst 77 | ..
_django-mantis-core: https://github.com/siemens/django-mantis-core 78 | .. _django-mantis-stix-importer: https://github.com/siemens/django-mantis-stix-importer 79 | .. _django-mantis-openioc-importer: https://github.com/siemens/django-mantis-openioc-importer 80 | .. _django-mantis-iodef-importer: https://github.com/siemens/django-mantis-iodef-importer 81 | 82 | .. _Mantis Github Repository: https://github.com/siemens/django-mantis 83 | .. _Mantis Issue Tracker: https://github.com/siemens/django-mantis/issues?state=open 84 | 85 | .. _MISP: http://www.misp-project.org/ 86 | 87 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = _build 9 | 10 | # Internal variables. 11 | PAPEROPT_a4 = -D latex_paper_size=a4 12 | PAPEROPT_letter = -D latex_paper_size=letter 13 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 14 | # the i18n builder cannot share the environment and doctrees with the others 15 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 
16 | 17 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext 18 | 19 | help: 20 | @echo "Please use \`make <target>' where <target> is one of" 21 | @echo " html to make standalone HTML files" 22 | @echo " dirhtml to make HTML files named index.html in directories" 23 | @echo " singlehtml to make a single large HTML file" 24 | @echo " pickle to make pickle files" 25 | @echo " json to make JSON files" 26 | @echo " htmlhelp to make HTML files and a HTML help project" 27 | @echo " qthelp to make HTML files and a qthelp project" 28 | @echo " devhelp to make HTML files and a Devhelp project" 29 | @echo " epub to make an epub" 30 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 31 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 32 | @echo " text to make text files" 33 | @echo " man to make manual pages" 34 | @echo " texinfo to make Texinfo files" 35 | @echo " info to make Texinfo files and run them through makeinfo" 36 | @echo " gettext to make PO message catalogs" 37 | @echo " changes to make an overview of all changed/added/deprecated items" 38 | @echo " linkcheck to check all external links for integrity" 39 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 40 | 41 | clean: 42 | -rm -rf $(BUILDDIR)/* 43 | 44 | html: 45 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 46 | @echo 47 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 48 | 49 | dirhtml: 50 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 51 | @echo 52 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 53 | 54 | singlehtml: 55 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 56 | @echo 57 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
58 | 59 | pickle: 60 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 61 | @echo 62 | @echo "Build finished; now you can process the pickle files." 63 | 64 | json: 65 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 66 | @echo 67 | @echo "Build finished; now you can process the JSON files." 68 | 69 | htmlhelp: 70 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 71 | @echo 72 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 73 | ".hhp project file in $(BUILDDIR)/htmlhelp." 74 | 75 | qthelp: 76 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 77 | @echo 78 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 79 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 80 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/.qhcp" 81 | @echo "To view the help file:" 82 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/.qhc" 83 | 84 | devhelp: 85 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 86 | @echo 87 | @echo "Build finished." 88 | @echo "To view the help file:" 89 | @echo "# mkdir -p $$HOME/.local/share/devhelp/" 90 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/" 91 | @echo "# devhelp" 92 | 93 | epub: 94 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 95 | @echo 96 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 97 | 98 | latex: 99 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 100 | @echo 101 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 102 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 103 | "(use \`make latexpdf' here to do that automatically)." 104 | 105 | latexpdf: 106 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 107 | @echo "Running LaTeX files through pdflatex..." 108 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 109 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 
110 | 111 | text: 112 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 113 | @echo 114 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 115 | 116 | man: 117 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 118 | @echo 119 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 120 | 121 | texinfo: 122 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 123 | @echo 124 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 125 | @echo "Run \`make' in that directory to run these through makeinfo" \ 126 | "(use \`make info' here to do that automatically)." 127 | 128 | info: 129 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 130 | @echo "Running Texinfo files through makeinfo..." 131 | make -C $(BUILDDIR)/texinfo info 132 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 133 | 134 | gettext: 135 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 136 | @echo 137 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 138 | 139 | changes: 140 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 141 | @echo 142 | @echo "The overview file is in $(BUILDDIR)/changes." 143 | 144 | linkcheck: 145 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 146 | @echo 147 | @echo "Link check complete; look for any errors in the above output " \ 148 | "or in $(BUILDDIR)/linkcheck/output.txt." 149 | 150 | doctest: 151 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 152 | @echo "Testing of doctests in the sources finished, look at the " \ 153 | "results in $(BUILDDIR)/doctest/output.txt." 
-------------------------------------------------------------------------------- /docs/__init__.py: -------------------------------------------------------------------------------- 1 | # Included so that Django's startproject command runs against the docs directory -------------------------------------------------------------------------------- /docs/architecture.rst: -------------------------------------------------------------------------------- 1 | =================== 2 | MANTIS Architecture 3 | =================== 4 | 5 | The MANTIS (Model-based Analysis of Threat Intelligence Sources) Framework consists 6 | of several `Django`_ Apps that, in combination, support the management 7 | of cyber threat intelligence expressed in standards such as `STIX`_, `CybOX`_, 8 | `OpenIOC`_, `IODEF (RFC 5070)`_, etc. 9 | 10 | The heavy lifting is done in the following Django Apps: 11 | 12 | - `django-dingos`_ 13 | - `django-mantis-core`_ 14 | - `django-mantis-stix-importer`_ 15 | - `django-mantis-openioc-importer`_ 16 | - `django-mantis-iodef-importer`_ 17 | - django-mantis-taxii (under development) 18 | 19 | .. figure:: images/mantis_architecture.PNG 20 | :align: center 21 | :scale: 50% 22 | 23 | MANTIS architecture 24 | 25 | 26 | .. _Django: https://www.djangoproject.com/ 27 | .. _STIX: http://stix.mitre.org/ 28 | .. _CybOX: http://cybox.mitre.org/ 29 | .. _OpenIOC: http://www.openioc.org/ 30 | .. _IODEF (RFC 5070): http://www.ietf.org/rfc/rfc5070.txt 31 | 32 | 33 | .. _django-dingos: https://github.com/siemens/django-dingos/blob/master/docs/what_dingos_is_all_about.rst 34 | .. _django-mantis-core: https://github.com/siemens/django-mantis-core 35 | .. _django-mantis-stix-importer: https://github.com/siemens/django-mantis-stix-importer 36 | .. _django-mantis-openioc-importer: https://github.com/siemens/django-mantis-openioc-importer 37 | ..
_django-mantis-iodef-importer: https://github.com/siemens/django-mantis-iodef-importer 38 | -------------------------------------------------------------------------------- /docs/before_starting_to_develop.rst: -------------------------------------------------------------------------------- 1 | Before starting to develop 2 | ========================== 3 | 4 | 5 | Read up on techniques and styles used in MANTIS 6 | ----------------------------------------------- 7 | 8 | MANTIS profited a lot from the advice provided in `Two Scoops of Django`_. 9 | 10 | Unless you are an absolute Django expert (and maybe even then), please 11 | read Daniel Greenfield's and Audrey Roy's excellent `Two Scoops of Django`_. 12 | Even though it provides best practices for Django 1.5, most of its 13 | advice is also valid for Django 1.6, and likely to be very relevant 14 | for quite a few minor revisions to come. 15 | 16 | 17 | Understand how django-dingos works 18 | ---------------------------------- 19 | 20 | The heart of MANTIS is the `django-dingos`_ Django application. 21 | Most aspects of modifying/adding to MANTIS will require 22 | a sound understanding of how `django-dingos` works. 23 | Please refer to the `Django DINGOS developers' guide`_. 24 | 25 | 26 | Find the right place to modify/add to 27 | ------------------------------------- 28 | 29 | Writing your own Django application 30 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 31 | 32 | If you are adding completely new functionality to Mantis, 33 | the best way may very well be to create a new Django 34 | application. 35 | 36 | 37 | 38 | Keep django-dingos generic 39 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ 40 | 41 | Although DINGOS is likely to be used mainly in the context of the 42 | Django MANTIS Cyber Threat Intelligence Management application, 43 | DINGOS should stay a /generic/ application for managing 44 | structured information.
So whenever you find yourself 45 | adding/modifying stuff in DINGOS that is specific to 46 | cyber threat intelligence management, the STIX, CybOX standards, 47 | etc., **DINGOS is the wrong place to modify/add to**. The same goes 48 | for customizations that are particular to your instance 49 | of running MANTIS. 50 | 51 | Please consider the following places for development instead: 52 | 53 | * If you want to add Python code that is particular to cyber threat 54 | management, consider adding this in `django-mantis-core`_ 55 | 56 | * If you want to add Python code that is particular to a certain 57 | standard, consider adding it to the respective importer module, 58 | e.g., `django-mantis-stix-importer`_ or similar 59 | 60 | * If you want to make modifications to a DINGOS template that 61 | is required for your local instance of MANTIS (or whatever 62 | framework is using DINGOS), the right way is probably 63 | to override one of the DINGOS base templates. Have a look 64 | at how `django-mantis`_ overrides the 65 | ``templates/dingos/grappelli/base.html`` template; 66 | see also the `Django documentation on overriding templates`_. 67 | 68 | * If you want to change the url paths of DINGOS views, 69 | do this in the ``url.py`` of your instance rather 70 | than ``dingos/url.py``. 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | .. _Two Scoops of Django: https://django.2scoops.org/ 80 | .. _django-mantis-core: https://github.com/siemens/django-mantis-core 81 | .. _django-mantis-stix-importer: https://github.com/siemens/django-mantis-stix-importer 82 | .. _django-mantis: https://github.com/siemens/django-mantis 83 | .. _Django documentation on overriding templates: https://docs.djangoproject.com/en/1.6/intro/tutorial02/#ref-customizing-your-projects-templates 84 | .. _django-dingos: https://github.com/siemens/django-dingos 85 | .. 
_Django DINGOS developers' guide: http://django-dingos.readthedocs.org/en/latest/developers_guide.html 86 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # 3 | # documentation build configuration file, created by 4 | # sphinx-quickstart on Sun Feb 17 11:46:20 2013. 5 | # 6 | # This file is execfile()d with the current directory set to its containing dir. 7 | # 8 | # Note that not all possible configuration values are present in this 9 | # autogenerated file. 10 | # 11 | # All configuration values have a default; values that are commented out 12 | # serve to show the default. 13 | 14 | import sys, os 15 | 16 | 17 | cwd = os.getcwd() 18 | parent = os.path.dirname(cwd) 19 | sys.path.append(parent) 20 | 21 | import mantis 22 | 23 | # If extensions (or modules to document with autodoc) are in another directory, 24 | # add these directories to sys.path here. If the directory is relative to the 25 | # documentation root, use os.path.abspath to make it absolute, like shown here. 26 | #sys.path.insert(0, os.path.abspath('.')) 27 | 28 | # -- General configuration ----------------------------------------------------- 29 | 30 | # If your documentation needs a minimal Sphinx version, state it here. 31 | #needs_sphinx = '1.0' 32 | 33 | # Add any Sphinx extension module names here, as strings. They can be extensions 34 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. 35 | extensions = ['sphinx.ext.autodoc', 'sphinx.ext.viewcode'] 36 | 37 | # Add any paths that contain templates here, relative to this directory. 38 | templates_path = ['_templates'] 39 | 40 | # The suffix of source filenames. 41 | source_suffix = '.rst' 42 | 43 | # The encoding of source files. 44 | #source_encoding = 'utf-8-sig' 45 | 46 | # The master toctree document. 
47 | master_doc = 'index' 48 | 49 | # General information about the project. 50 | project = u'Mantis' 51 | copyright = u'2013, Siemens' 52 | 53 | # The version info for the project you're documenting, acts as replacement for 54 | # |version| and |release|, also used in various other places throughout the 55 | # built documents. 56 | # 57 | # The short X.Y version. 58 | version = mantis.__version__ 59 | # The full version, including alpha/beta/rc tags. 60 | release = mantis.__version__ 61 | 62 | 63 | # The language for content autogenerated by Sphinx. Refer to documentation 64 | # for a list of supported languages. 65 | #language = None 66 | 67 | # There are two options for replacing |today|: either, you set today to some 68 | # non-false value, then it is used: 69 | #today = '' 70 | # Else, today_fmt is used as the format for a strftime call. 71 | #today_fmt = '%B %d, %Y' 72 | 73 | # List of patterns, relative to source directory, that match files and 74 | # directories to ignore when looking for source files. 75 | exclude_patterns = ['_build'] 76 | 77 | # The reST default role (used for this markup: `text`) to use for all documents. 78 | #default_role = None 79 | 80 | # If true, '()' will be appended to :func: etc. cross-reference text. 81 | #add_function_parentheses = True 82 | 83 | # If true, the current module name will be prepended to all description 84 | # unit titles (such as .. function::). 85 | #add_module_names = True 86 | 87 | # If true, sectionauthor and moduleauthor directives will be shown in the 88 | # output. They are ignored by default. 89 | #show_authors = False 90 | 91 | # The name of the Pygments (syntax highlighting) style to use. 92 | pygments_style = 'sphinx' 93 | 94 | # A list of ignored prefixes for module index sorting. 95 | #modindex_common_prefix = [] 96 | 97 | # If true, keep warnings as "system message" paragraphs in the built documents. 
98 | #keep_warnings = False 99 | 100 | 101 | # -- Options for HTML output --------------------------------------------------- 102 | 103 | # The theme to use for HTML and HTML Help pages. See the documentation for 104 | # a list of builtin themes. 105 | html_theme = 'default' 106 | 107 | # Theme options are theme-specific and customize the look and feel of a theme 108 | # further. For a list of options available for each theme, see the 109 | # documentation. 110 | #html_theme_options = {} 111 | 112 | # Add any paths that contain custom themes here, relative to this directory. 113 | #html_theme_path = [] 114 | 115 | # The name for this set of Sphinx documents. If None, it defaults to 116 | # "<project> v<release> documentation". 117 | #html_title = None 118 | 119 | # A shorter title for the navigation bar. Default is the same as html_title. 120 | #html_short_title = None 121 | 122 | # The name of an image file (relative to this directory) to place at the top 123 | # of the sidebar. 124 | #html_logo = None 125 | 126 | # The name of an image file (within the static path) to use as favicon of the 127 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 128 | # pixels large. 129 | #html_favicon = None 130 | 131 | # Add any paths that contain custom static files (such as style sheets) here, 132 | # relative to this directory. They are copied after the builtin static files, 133 | # so a file named "default.css" will overwrite the builtin "default.css". 134 | html_static_path = ['_static'] 135 | 136 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, 137 | # using the given strftime format. 138 | #html_last_updated_fmt = '%b %d, %Y' 139 | 140 | # If true, SmartyPants will be used to convert quotes and dashes to 141 | # typographically correct entities. 142 | #html_use_smartypants = True 143 | 144 | # Custom sidebar templates, maps document names to template names.
145 | #html_sidebars = {} 146 | 147 | # Additional templates that should be rendered to pages, maps page names to 148 | # template names. 149 | #html_additional_pages = {} 150 | 151 | # If false, no module index is generated. 152 | #html_domain_indices = True 153 | 154 | # If false, no index is generated. 155 | #html_use_index = True 156 | 157 | # If true, the index is split into individual pages for each letter. 158 | #html_split_index = False 159 | 160 | # If true, links to the reST sources are added to the pages. 161 | #html_show_sourcelink = True 162 | 163 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 164 | #html_show_sphinx = True 165 | 166 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 167 | #html_show_copyright = True 168 | 169 | # If true, an OpenSearch description file will be output, and all pages will 170 | # contain a <link> tag referring to it. The value of this option must be the 171 | # base URL from which the finished HTML is served. 172 | #html_use_opensearch = '' 173 | 174 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 175 | #html_file_suffix = None 176 | 177 | # Output file base name for HTML help builder. 178 | htmlhelp_basename = 'doc' 179 | 180 | 181 | # -- Options for LaTeX output -------------------------------------------------- 182 | 183 | latex_elements = { 184 | # The paper size ('letterpaper' or 'a4paper'). 185 | #'papersize': 'letterpaper', 186 | 187 | # The font size ('10pt', '11pt' or '12pt'). 188 | #'pointsize': '10pt', 189 | 190 | # Additional stuff for the LaTeX preamble. 191 | #'preamble': '', 192 | } 193 | 194 | # Grouping the document tree into LaTeX files. List of tuples 195 | # (source start file, target name, title, author, documentclass [howto/manual]).
196 | latex_documents = [ 197 | ('index', 'mantis.tex', u'Mantis Documentation', 198 | u'Siemens', 'manual'), 199 | ] 200 | 201 | # The name of an image file (relative to this directory) to place at the top of 202 | # the title page. 203 | #latex_logo = None 204 | 205 | # For "manual" documents, if this is true, then toplevel headings are parts, 206 | # not chapters. 207 | #latex_use_parts = False 208 | 209 | # If true, show page references after internal links. 210 | #latex_show_pagerefs = False 211 | 212 | # If true, show URL addresses after external links. 213 | #latex_show_urls = False 214 | 215 | # Documents to append as an appendix to all manuals. 216 | #latex_appendices = [] 217 | 218 | # If false, no module index is generated. 219 | #latex_domain_indices = True 220 | 221 | 222 | # -- Options for manual page output -------------------------------------------- 223 | 224 | # One entry per manual page. List of tuples 225 | # (source start file, name, description, authors, manual section). 226 | man_pages = [ 227 | ('index', 'mantis', u'Mantis Documentation', 228 | [u'Siemens'], 1) 229 | ] 230 | 231 | # If true, show URL addresses after external links. 232 | #man_show_urls = False 233 | 234 | 235 | # -- Options for Texinfo output ------------------------------------------------ 236 | 237 | # Grouping the document tree into Texinfo files. List of tuples 238 | # (source start file, target name, title, author, 239 | # dir menu entry, description, category) 240 | texinfo_documents = [ 241 | ('index', 'mantis', u'Mantis Documentation', 242 | u'Siemens', 'mantis', 'One line description of project.', 243 | 'Miscellaneous'), 244 | ] 245 | 246 | # Documents to append as an appendix to all manuals. 247 | #texinfo_appendices = [] 248 | 249 | # If false, no module index is generated. 250 | #texinfo_domain_indices = True 251 | 252 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 
253 | #texinfo_show_urls = 'footnote' 254 | 255 | # If true, do not generate a @detailmenu in the "Top" node's menu. 256 | #texinfo_no_detailmenu = False 257 | -------------------------------------------------------------------------------- /docs/contributing.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../CONTRIBUTING.rst 2 | -------------------------------------------------------------------------------- /docs/history.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../HISTORY.rst 2 | -------------------------------------------------------------------------------- /docs/images/mantis_admin_iobject_type_file_example.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_admin_iobject_type_file_example.PNG -------------------------------------------------------------------------------- /docs/images/mantis_admin_iobject_types.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_admin_iobject_types.PNG -------------------------------------------------------------------------------- /docs/images/mantis_admin_overview.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_admin_overview.PNG -------------------------------------------------------------------------------- /docs/images/mantis_architecture.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_architecture.PNG 
-------------------------------------------------------------------------------- /docs/images/mantis_edit_saved_searches.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_edit_saved_searches.PNG -------------------------------------------------------------------------------- /docs/images/mantis_edit_user_config.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_edit_user_config.PNG -------------------------------------------------------------------------------- /docs/images/mantis_filter_infoobject_families.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_filter_infoobject_families.PNG -------------------------------------------------------------------------------- /docs/images/mantis_filter_infoobject_types.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_filter_infoobject_types.PNG -------------------------------------------------------------------------------- /docs/images/mantis_login.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_login.PNG -------------------------------------------------------------------------------- /docs/images/mantis_menus.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_menus.png -------------------------------------------------------------------------------- /docs/images/mantis_search_several_results_ugly_gorilla.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_search_several_results_ugly_gorilla.PNG -------------------------------------------------------------------------------- /docs/images/mantis_search_several_results_ugly_gorilla_view_one_result.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_search_several_results_ugly_gorilla_view_one_result.PNG -------------------------------------------------------------------------------- /docs/images/mantis_search_single_result.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_search_single_result.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_infoobject_after_mandiant_import.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_infoobject_after_mandiant_import.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_infoobject_after_mandiant_import_appendix.PNG: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_infoobject_after_mandiant_import_appendix.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_infoobject_godocupload.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_infoobject_godocupload.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_infoobject_godocupload_openioc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_infoobject_godocupload_openioc.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_infoobject_restricted_to_stix_packages.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_infoobject_restricted_to_stix_packages.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_mandiant_report_toplevel.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_mandiant_report_toplevel.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_mandiant_report_ttp_htran.PNG: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_mandiant_report_ttp_htran.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_mandiant_report_ttp_htran_address.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_mandiant_report_ttp_htran_address.PNG -------------------------------------------------------------------------------- /docs/images/mantis_view_mandiant_report_ttp_htran_json.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/docs/images/mantis_view_mandiant_report_ttp_htran_json.PNG -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | .. documentation master file, created by 2 | sphinx-quickstart on Sun Feb 17 11:46:20 2013. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | The MANTIS Cyber-Intelligence Management Framework 7 | ================================================== 8 | 9 | The MANTIS (Model-based Analysis of Threat Intelligence Sources) Framework consists 10 | of several `Django`_ Apps that, in combination, support the management 11 | of cyber threat intelligence expressed in standards such as `STIX`_, `CybOX`_, 12 | `OpenIOC`_, `IODEF (RFC 5070)`_, etc. 
13 | 14 | Important resources: 15 | 16 | * Access to the Mantis source code for installation: 17 | 18 | * Either via ``git clone`` from the `Mantis Github Repository`_ (recommended):: 19 | 20 | git clone https://github.com/siemens/django-mantis.git 21 | 22 | * Or via download as ``zip`` package from https://github.com/siemens/django-mantis/archive/master.zip 23 | 24 | * There is a mailing list for discussions, questions, etc.: 25 | 26 | * Subscribe to the mailing list by sending a mail to ``Mantis-ti-discussion-join@lists.trusted-introducer.org``. 27 | 28 | * The archives of the mailing list are available via `Nabble`_. 29 | 30 | Many thanks to the `TF-CSIRT Trusted Introducer`_ for their support in hosting 31 | the list! 32 | 33 | * All issues regarding Mantis and its components are tracked 34 | on the `Mantis Issue Tracker`_. 35 | 36 | * Documentation: 37 | 38 | .. toctree:: 39 | :maxdepth: 1 40 | 41 | architecture 42 | screenshots 43 | what_mantis_is 44 | history 45 | installation 46 | quickstart 47 | mantis_developers_guide 48 | contributing 49 | 50 | 51 | .. _TF-CSIRT Trusted Introducer: http://www.trusted-introducer.org/ 52 | .. _Nabble: http://mantis-threat-intelligence-management-framework-discussion-list.57317.x6.nabble.com/ 53 | .. _Mantis Github Repository: https://github.com/siemens/django-mantis 54 | .. _Mantis Issue Tracker: https://github.com/siemens/django-mantis/issues?state=open 55 | 56 | .. _Django: https://www.djangoproject.com/ 57 | .. _STIX: http://stix.mitre.org/ 58 | .. _CybOX: http://cybox.mitre.org/ 59 | .. _OpenIOC: http://www.openioc.org/ 60 | .. _IODEF (RFC 5070): http://www.ietf.org/rfc/rfc5070.txt 61 | 62 | .. _django-dingos: https://github.com/siemens/django-dingos/blob/master/docs/what_dingos_is_all_about.rst 63 | .. _django-mantis-core: https://github.com/siemens/django-mantis-core 64 | .. _django-mantis-stix-importer: https://github.com/siemens/django-mantis-stix-importer 65 | ..
_django-mantis-openioc-importer: https://github.com/siemens/django-mantis-openioc-importer 66 | .. _django-mantis-iodef-importer: https://github.com/siemens/django-mantis-iodef-importer 67 | -------------------------------------------------------------------------------- /docs/installation.rst: -------------------------------------------------------------------------------- 1 | ============ 2 | Installation 3 | ============ 4 | 5 | .. contents:: 6 | 7 | 8 | ------------------- 9 | Manual installation 10 | ------------------- 11 | 12 | *ATTENTION*: Please do not use the master branch for fresh installs; use the development branch 13 | and follow the installation instructions outlined `in the development branch`_ 14 | 15 | .. _in the development branch: http://django-mantis.readthedocs.org/en/development/installation.html 16 | 17 | 18 | The installation instructions below have been tested on an out-of-the-box 19 | installation of `Ubuntu Desktop 12.04 LTS`_ 20 | (the Desktop rather than the Server version has been used, since the majority 21 | of installs are likely to be for testing and developing, where having a full 22 | working environment and X-server installed comes in handy.) If you are using 23 | a different *nix flavor, you have to find the corresponding installation 24 | packages used with ``apt-get`` below -- the installation steps 25 | carried out with ``pip``, however, will be exactly the same. 26 | 27 | *Attention*: If you are setting up a virtual machine, make sure to give 28 | it at least 3GB of memory if you want to import really large XML 29 | structures such as MITRE's STIX conversion of the 30 | Mandiant APT-1 report (http://stix.mitre.org/downloads/APT1-STIX.zip) -- 31 | importing large files currently takes a lot of memory -- there 32 | seems to be a memory leak which we still have to track down. 33 | 34 | 35 | #. Make sure that you have the required 36 | dependencies on OS level for building the XML-related packages. 
For 37 | example, on an Ubuntu system, execute the following commands:: 38 | 39 | $ apt-get install libxml2 libxml2-dev python-dev libxslt1-dev 40 | 41 | Also, while you are at it, install git, if you do not have it already:: 42 | 43 | $ apt-get install git 44 | 45 | If you are behind a proxy, you can configure a proxy for 46 | ``apt-get`` by putting a file ``95proxy`` into ``/etc/apt/apt.conf.d`` 47 | that has the following contents:: 48 | 49 | Acquire::http::proxy ""; 50 | Acquire::ftp::proxy ""; 51 | Acquire::https::proxy ""; 52 | 53 | 54 | 55 | #. It is recommended to use a virtual python environment. 56 | 57 | - Make sure that ``virtualenv`` and ``pip`` are installed:: 58 | 59 | $ apt-get install python-virtualenv python-pip 60 | 61 | - Create a virtual environment:: 62 | 63 | $ virtualenv /mantis 64 | $ source /mantis/bin/activate 65 | 66 | Now the virtual environment is activated -- you should see a changed 67 | prompt that is prefixed with ``(mantis)`` 68 | 69 | #. Install the ``libxml2-python`` bindings 70 | 71 | Unfortunately, the process of getting ``libxml2-python`` installed using ``pip`` varies from 72 | OS to OS, because there is no proper library package available. 73 | 74 | * For Ubuntu 12.04 do the following: 75 | 76 | Use pip to install directly from an ftp source:: 77 | 78 | (mantis)$ pip install ftp://xmlsoft.org/libxml2/python/libxml2-python-2.6.21.tar.gz 79 | 80 | If you are behind a proxy, you can either provide ``pip`` with the proxy information with the 81 | commandline argument ``--proxy `` or use the ``http_proxy`` environment variable -- 82 | do not do both, because this confuses ``pip``. 83 | 84 | 85 | If the download does not work via pip, download the file with your browser, and install from file 86 | with ``pip install ``. 
87 | 88 | * For Ubuntu 13.10, do the following: 89 | 90 | * Download and unpack the ``libxml2`` sources:: 91 | 92 | (mantis)$ wget http://xmlsoft.org/sources/libxml2-2.9.1.tar.gz 93 | (mantis)$ tar -zxvf libxml2-2.9.1.tar.gz 94 | 95 | If you are behind a proxy, append ``-e use_proxy=yes -e http_proxy=`` after the 96 | URL when calling ``wget``. 97 | 98 | * Install via ``pip``:: 99 | 100 | (mantis)$ pip install libxml2-2.9.1/python 101 | 102 | If you are behind a proxy, you can either provide ``pip`` with the proxy information with the 103 | commandline argument ``--proxy `` or use the ``http_proxy`` environment variable -- 104 | do not do both, because this confuses ``pip``. 105 | 106 | 107 | #. Go to a location where you want to have the Django Mantis files and check out the git repository:: 108 | 109 | (mantis)$ git clone https://github.com/siemens/django-mantis.git 110 | 111 | If you are behind a proxy, you can configure a proxy for ``git`` via the following:: 112 | 113 | (mantis)$ git config --global http.proxy 114 | 115 | #. Change into the ``django-mantis`` directory and do:: 116 | 117 | (mantis)$ pip install -r requirements/local.txt 118 | (mantis)$ pip install "django-simple-menu>=1.0.6" 119 | 120 | (For some reason, ``django-simple-menu`` cannot be installed before Django itself has been 121 | installed completely). 122 | 123 | 124 | #. You are now all set for running MANTIS on top of an SQLite database. If that is what you want to do, 125 | have a look at :doc:`quickstart`. 126 | 127 | #.
For running MANTIS on top of Postgresql (which is 128 | recommended), you need to install and prepare Postgresql: 129 | 130 | - Install it:: 131 | 132 | $ apt-get install postgresql 133 | $ apt-get install postgresql-server-dev-9.1 134 | 135 | - Install the Python module for working with postgresql:: 136 | 137 | (mantis)$ pip install psycopg2 138 | 139 | - In ``/etc/postgresql/9.1/main/postgresql.conf`` set ``ssl = False`` 140 | 141 | - (Re)start the server:: 142 | 143 | /etc/init.d/postgresql start 144 | 145 | - Create password for ``postgresql``: as root user, do:: 146 | 147 | passwd postgres 148 | 149 | - Give the postgresql user a database password; As user ``postgres`` do:: 150 | 151 | su postgres 152 | psql 153 | \password postgres; 154 | 155 | - Prepare database: 156 | 157 | - As user postgresql do:: 158 | 159 | createuser -P mantis; 160 | 161 | and do the following: 162 | 163 | - give it password ``mantis`` 164 | - do not make it super user 165 | - allow it to create databases (required for running python unit tests). If you forgot about this step here, you can 166 | later run (``ALTER USER mantis CREATEDB;``) on the database prompt to achieve the same. 167 | - do not allow it to create new roles 168 | 169 | 170 | - In database, do:: 171 | 172 | CREATE DATABASE django OWNER mantis ENCODING 'UTF-8'; 173 | 174 | - In ``/etc/postgresql/9.1/main/pg_hba.conf`` enter after the line for the postgres user:: 175 | 176 | # TYPE DATABASE USER ADDRESS METHOD 177 | 178 | local [tab] django [tab] mantis [tab][tab] md5 179 | 180 | #. Continue with the :doc:`quickstart`. 181 | 182 | 183 | 184 | ------------------------------------------ 185 | (Semi-)automated installation with Vagrant 186 | ------------------------------------------ 187 | 188 | `Vagrant`_ allows automated provisioning of virtual machines with 189 | preconfigured packages, configuration settings, etc. 190 | 191 | (Development of Vagrant deployment scripts for Mantis is an ongoing 192 | effort. 
Scripts and documentation will be published as they become 193 | ready.) 194 | 195 | 196 | 197 | .. _Ubuntu Desktop 12.04 LTS: http://www.ubuntu.com/download/desktop 198 | 199 | .. _Vagrant: http://www.vagrantup.com/ 200 | -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | REM Command file for Sphinx documentation 4 | 5 | if "%SPHINXBUILD%" == "" ( 6 | set SPHINXBUILD=sphinx-build 7 | ) 8 | set BUILDDIR=_build 9 | set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% . 10 | set I18NSPHINXOPTS=%SPHINXOPTS% . 11 | if NOT "%PAPER%" == "" ( 12 | set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% 13 | set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% 14 | ) 15 | 16 | if "%1" == "" goto help 17 | 18 | if "%1" == "help" ( 19 | :help 20 | echo.Please use `make ^` where ^ is one of 21 | echo. html to make standalone HTML files 22 | echo. dirhtml to make HTML files named index.html in directories 23 | echo. singlehtml to make a single large HTML file 24 | echo. pickle to make pickle files 25 | echo. json to make JSON files 26 | echo. htmlhelp to make HTML files and a HTML help project 27 | echo. qthelp to make HTML files and a qthelp project 28 | echo. devhelp to make HTML files and a Devhelp project 29 | echo. epub to make an epub 30 | echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter 31 | echo. text to make text files 32 | echo. man to make manual pages 33 | echo. texinfo to make Texinfo files 34 | echo. gettext to make PO message catalogs 35 | echo. changes to make an overview over all changed/added/deprecated items 36 | echo. linkcheck to check all external links for integrity 37 | echo. 
doctest to run all doctests embedded in the documentation if enabled 38 | goto end 39 | ) 40 | 41 | if "%1" == "clean" ( 42 | for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i 43 | del /q /s %BUILDDIR%\* 44 | goto end 45 | ) 46 | 47 | if "%1" == "html" ( 48 | %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html 49 | if errorlevel 1 exit /b 1 50 | echo. 51 | echo.Build finished. The HTML pages are in %BUILDDIR%/html. 52 | goto end 53 | ) 54 | 55 | if "%1" == "dirhtml" ( 56 | %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml 57 | if errorlevel 1 exit /b 1 58 | echo. 59 | echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. 60 | goto end 61 | ) 62 | 63 | if "%1" == "singlehtml" ( 64 | %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml 65 | if errorlevel 1 exit /b 1 66 | echo. 67 | echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. 68 | goto end 69 | ) 70 | 71 | if "%1" == "pickle" ( 72 | %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle 73 | if errorlevel 1 exit /b 1 74 | echo. 75 | echo.Build finished; now you can process the pickle files. 76 | goto end 77 | ) 78 | 79 | if "%1" == "json" ( 80 | %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json 81 | if errorlevel 1 exit /b 1 82 | echo. 83 | echo.Build finished; now you can process the JSON files. 84 | goto end 85 | ) 86 | 87 | if "%1" == "htmlhelp" ( 88 | %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp 89 | if errorlevel 1 exit /b 1 90 | echo. 91 | echo.Build finished; now you can run HTML Help Workshop with the ^ 92 | .hhp project file in %BUILDDIR%/htmlhelp. 93 | goto end 94 | ) 95 | 96 | if "%1" == "qthelp" ( 97 | %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp 98 | if errorlevel 1 exit /b 1 99 | echo. 
100 | echo.Build finished; now you can run "qcollectiongenerator" with the ^ 101 | .qhcp project file in %BUILDDIR%/qthelp, like this: 102 | echo.^> qcollectiongenerator %BUILDDIR%\qthelp\.qhcp 103 | echo.To view the help file: 104 | echo.^> assistant -collectionFile %BUILDDIR%\qthelp\.ghc 105 | goto end 106 | ) 107 | 108 | if "%1" == "devhelp" ( 109 | %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp 110 | if errorlevel 1 exit /b 1 111 | echo. 112 | echo.Build finished. 113 | goto end 114 | ) 115 | 116 | if "%1" == "epub" ( 117 | %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub 118 | if errorlevel 1 exit /b 1 119 | echo. 120 | echo.Build finished. The epub file is in %BUILDDIR%/epub. 121 | goto end 122 | ) 123 | 124 | if "%1" == "latex" ( 125 | %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex 126 | if errorlevel 1 exit /b 1 127 | echo. 128 | echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. 129 | goto end 130 | ) 131 | 132 | if "%1" == "text" ( 133 | %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text 134 | if errorlevel 1 exit /b 1 135 | echo. 136 | echo.Build finished. The text files are in %BUILDDIR%/text. 137 | goto end 138 | ) 139 | 140 | if "%1" == "man" ( 141 | %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man 142 | if errorlevel 1 exit /b 1 143 | echo. 144 | echo.Build finished. The manual pages are in %BUILDDIR%/man. 145 | goto end 146 | ) 147 | 148 | if "%1" == "texinfo" ( 149 | %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo 150 | if errorlevel 1 exit /b 1 151 | echo. 152 | echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. 153 | goto end 154 | ) 155 | 156 | if "%1" == "gettext" ( 157 | %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale 158 | if errorlevel 1 exit /b 1 159 | echo. 160 | echo.Build finished. The message catalogs are in %BUILDDIR%/locale. 
161 | goto end 162 | ) 163 | 164 | if "%1" == "changes" ( 165 | %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes 166 | if errorlevel 1 exit /b 1 167 | echo. 168 | echo.The overview file is in %BUILDDIR%/changes. 169 | goto end 170 | ) 171 | 172 | if "%1" == "linkcheck" ( 173 | %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck 174 | if errorlevel 1 exit /b 1 175 | echo. 176 | echo.Link check complete; look for any errors in the above output ^ 177 | or in %BUILDDIR%/linkcheck/output.txt. 178 | goto end 179 | ) 180 | 181 | if "%1" == "doctest" ( 182 | %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest 183 | if errorlevel 1 exit /b 1 184 | echo. 185 | echo.Testing of doctests in the sources finished, look at the ^ 186 | results in %BUILDDIR%/doctest/output.txt. 187 | goto end 188 | ) 189 | 190 | :end -------------------------------------------------------------------------------- /docs/mantis_app_layout.rst: -------------------------------------------------------------------------------- 1 | MANTIS Application Layout 2 | ========================= 3 | 4 | .. contents:: 5 | 6 | Overview of the directory layout 7 | -------------------------------- 8 | 9 | The layout of the DINGOS Django application is as follows:: 10 | 11 | . 
12 | ├── mantis 13 | │ ├── apps 14 | │ ├── assets 15 | │ ├── blobs 16 | │ ├── menus.py 17 | │ ├── models.py 18 | │ ├── settings 19 | │ │ ├── base.py 20 | │ │ ├── local_psql.py 21 | │ │ ├── local.py 22 | │ │ ├── production.py 23 | │ │ └── testing.py 24 | │ ├── static 25 | │ ├── templates 26 | │ │ ├── 404.html 27 | │ │ ├── 500.html 28 | │ │ ├── base.html 29 | │ │ ├── dingos 30 | │ │ │ └── grappelli 31 | │ │ │ └── base.html 32 | │ │ └── mantis 33 | │ │ └── grappelli 34 | │ ├── urls.py 35 | │ └── wsgi.py 36 | 37 | -------------------------------------------------------------------------------- /docs/mantis_developers_guide.rst: -------------------------------------------------------------------------------- 1 | MANTIS developers' guide 2 | ======================== 3 | 4 | 5 | Contents: 6 | 7 | .. toctree:: 8 | :maxdepth: 2 9 | 10 | before_starting_to_develop 11 | setting_up_a_development_environment 12 | mantis_app_layout 13 | -------------------------------------------------------------------------------- /docs/quickstart.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../quickstart.rst 2 | -------------------------------------------------------------------------------- /docs/readme.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../README.rst 2 | -------------------------------------------------------------------------------- /docs/screenshots.rst: -------------------------------------------------------------------------------- 1 | Screenshots 2 | =========== 3 | 4 | To get an idea of what MANTIS currently provides, take a look at the following screenshots. 5 | 6 | .. contents:: 7 | 8 | Login 9 | ----- 10 | 11 | Django's standard login screen, rendered with the Grappelli skin 12 | that is used by Mantis. You can customize Django to do 13 | authentication differently (see the 14 | `Django documentation on customizing authentication`_.) 15 | 16 | 17 | .. 
figure:: images/mantis_login.PNG 18 | :scale: 50 % 19 | :align: center 20 | 21 | The login screen 22 | 23 | Menus 24 | ----- 25 | 26 | In its default configuration, MANTIS currently presents three menus: 27 | 28 | .. figure:: images/mantis_menus.png 29 | :scale: 50 % 30 | :align: center 31 | 32 | The menus presented to the user by MANTIS 33 | 34 | 35 | 36 | 37 | * A menu over which the existing search/filter views are accessible 38 | * A menu over which saved searches are accessible 39 | * A menu for viewing/editing user-specific information 40 | 41 | 42 | 43 | Viewing imported information objects 44 | ------------------------------------ 45 | 46 | The screenshot below shows the overview of imported information objects right 47 | after import of the 48 | `MITRE STIX conversion of APT-1 report`_. We imported the top-level STIX package 49 | and the Appendix G with full indicators of compromise (i.e., Mandiant OpenIOC 50 | is embedded into the STIX XML). The count shows quite a large number of objects, 51 | and we obviously need a way to find our way around. So in the next step, 52 | we filter the list a bit. 53 | 54 | 55 | .. figure:: images/mantis_view_infoobject_after_mandiant_import.PNG 56 | :scale: 50 % 57 | :align: center 58 | 59 | The list of information objects (standard URL: ``/mantis/View/InfoObject``) 60 | 61 | 62 | Filtering 63 | --------- 64 | 65 | The filter box on the page showing the information object list allows filtering with respect 66 | to several commonly used criteria. Here, we filter by information object type, and choose 67 | the ``STIX_Package``. 68 | 69 | 70 | 71 | .. figure:: images/mantis_filter_infoobject_types.PNG 72 | :scale: 100 % 73 | :align: center 74 | 75 | Filtering with respect to information object types 76 | 77 | Filtering results for ``STIX_Packages`` yields two results: the package that represents 78 | the top-level of the APT-1 report and the package that represents appendix G. 79 | 80 | 81 | ..
figure:: images/mantis_view_infoobject_restricted_to_stix_packages.PNG 82 | :scale: 50 % 83 | :align: center 84 | 85 | Result of filtering for ``STIX_Packages`` 86 | 87 | 88 | Viewing an info object 89 | ---------------------- 90 | 91 | Clicking on the STIX package for the top-level of the APT-1 report shows 92 | MANTIS's representation of the info object: 93 | 94 | 95 | .. figure:: images/mantis_view_mandiant_report_toplevel.PNG 96 | :scale: 50 % 97 | :align: center 98 | 99 | View of STIX package presenting top-level of APT 1 report 100 | 101 | 102 | * At the top, we have identifying information. 103 | 104 | * The bulk of the display in the center concerns 105 | the facts contained in the object (the color coding shows the structuring of the 106 | facts -- it takes a bit of getting used to ... but this is just a view after 107 | all: you can create a view that suits you better.) 108 | 109 | The fact values that appear in blue are actually links to other 110 | info objects that have been extracted from the STIX package. You see 111 | two objects called ``PLACEHOLDER``: as it turns out, the STIX package 112 | references these two objects without actually defining them. If 113 | they were imported at a later point in time (identified by identifier 114 | and namespace of the identifier), the placeholders would 115 | be overwritten. 116 | 117 | * The view also shows the marking that has been extracted and associated 118 | with this info object and all other info objects extracted from the 119 | STIX package. 120 | 121 | * Currently, there is a single revision of the object in the system. If there 122 | were more revisions, these would be shown (as well as whether the revision 123 | you are looking at is the most recent revision). 124 | 125 | * This information object is not embedded in another info object; if it were, 126 | information about these objects would be displayed.
127 | 128 | 129 | Viewing another info object 130 | --------------------------- 131 | 132 | Clicking on the value of the third fact with fact term ``TTPs\TTP``, 133 | we see the facts contained in this info object ... and now there 134 | is also information about info objects in which this info object is 135 | embedded. 136 | 137 | 138 | .. figure:: images/mantis_view_mandiant_report_ttp_htran.PNG 139 | :scale: 50 % 140 | :align: center 141 | 142 | Viewing a TTP object. Standard URL for viewing is ``mantis/View/InfoObject/`` 143 | 144 | 145 | Clicking once more, this time into an address object (here, the pre-defined 146 | naming schema did not work and produced the name ``AddressObject (4 facts)`` -- 147 | but you can configure additional naming schemas), we view another info object: 148 | 149 | .. figure:: images/mantis_view_mandiant_report_ttp_htran_address.PNG 150 | :scale: 50 % 151 | :align: center 152 | 153 | Viewing an address object 154 | 155 | Again, we have information about which objects this particular object is embedded in: 156 | we get two results, and two times the same object, because it has been referenced 157 | two times (once by mistake, it seems.) 158 | 159 | 160 | Viewing the JSON representation 161 | ------------------------------- 162 | 163 | Mantis stores objects internally as lists of facts (refer to the 164 | `DINGOS model description`_ to learn more about the internal data model), 165 | but can also produce a JSON representation of each object. 166 | 167 | .. figure:: images/mantis_view_mandiant_report_ttp_htran_json.PNG 168 | :scale: 50 % 169 | :align: center 170 | 171 | JSON representation of a STIX TTP object. Standard url is ``mantis/View/InfoObject//json`` 172 | 173 | Unfortunately, the JSON representation has still a slight problem: in the last few 174 | lines, the identifiers for ``@phase_id`` and ``@kill_chain_id`` would have to be 175 | treated akin to the "normal" references using ``idref``. 
176 | 177 | 178 | Dealing with embeddings of different standards 179 | ---------------------------------------------- 180 | 181 | STIX is very flexible and allows the embedding of other standards, such as Mandiant's OpenIOC. 182 | For example, the `MITRE STIX conversion of APT-1 report`_ contains one version of the "Appendix G", 183 | that contains embedded OpenIOC indicators. The Mantis STIX importer recognizes such occurrences 184 | and hands off to the Mantis OpenIOC importer. 185 | 186 | .. figure:: images/mantis_view_infoobject_godocupload.PNG 187 | :scale: 50 % 188 | :align: center 189 | 190 | STIX indicator with embedded OpenIOC indicator (fact with fact term ``Test_Mechanisms/Test_Mechanism/ioc``). 191 | 192 | Clicking on the embedded ``ioc`` object (here, the naming went wrong, it should display the value of the ``short_description`` element 193 | in the IOC) in line ``Test_Mechanisms/Test_Mechanism/ioc`` yields a view of the imported OpenIOC info object. 194 | 195 | .. figure:: images/mantis_view_infoobject_godocupload_openioc.PNG 196 | :scale: 50 % 197 | :align: center 198 | 199 | An OpenIOC indicator 200 | 201 | 202 | 203 | Searching and viewing results 204 | ----------------------------- 205 | 206 | We also can search for facts: 207 | 208 | 209 | .. figure:: images/mantis_search_several_results_ugly_gorilla.PNG 210 | :scale: 50 % 211 | :align: center 212 | 213 | Searching for values 214 | 215 | The search page allows us to search for values, e.g. the word ``ugly``. 216 | This yields several results. The display shows the info objects in which 217 | the value occurs, the info object type of these objects, and the 218 | fact term under which the value occurs. 219 | 220 | Clicking on one of the objects shows the object and marks in red 221 | the occurrence of the searched term. 222 | 223 | 224 | .. 
figure:: images/mantis_search_several_results_ugly_gorilla_view_one_result.PNG 225 | :scale: 50 % 226 | :align: center 227 | 228 | Viewing a search result 229 | 230 | 231 | Editing user-specific data 232 | -------------------------- 233 | 234 | Currently, each user can edit their user configurations and saved searches. 235 | 236 | 237 | Edit user configurations 238 | ;;;;;;;;;;;;;;;;;;;;;;;; 239 | 240 | .. figure:: images/mantis_edit_user_config.PNG 241 | :scale: 50 % 242 | :align: center 243 | 244 | The view for editing the user configurations 245 | 246 | Currently, there is only a minimum of user configurations available -- these 247 | will be extended in future releases of MANTIS. Also, the framework for 248 | managing user configurations is very flexible and can be used for your own development 249 | (see the `relevant documentation of DINGOS`_.) 250 | 251 | .. _relevant documentation of DINGOS: http://django-dingos.readthedocs.org/en/latest/dingos_guide_to_userconfiguration.html 252 | 253 | Edit saved searches 254 | ;;;;;;;;;;;;;;;;;;; 255 | 256 | 257 | .. figure:: images/mantis_edit_saved_searches.PNG 258 | :scale: 50 % 259 | :align: center 260 | 261 | The view for editing saved searches 262 | 263 | After pressing the 'Save Search' button on the filter view, users are presented with a view 264 | that allows them to add the new search and edit the existing ones; the view is also 265 | available via the user-specific menu in the top right of the screen. 266 | 267 | 268 | 269 | 270 | A look at the admin interface 271 | ----------------------------- 272 | 273 | Django features a very powerful admin interface. We use it to view and manage 274 | enumerables such as info object types, fact data types, etc. 275 | 276 | .. figure:: images/mantis_admin_overview.PNG 277 | :scale: 50 % 278 | :align: center 279 | 280 | The Django admin interface with overview of DINGOS's models 281 | 282 | 283 | For example, here is the list of info object types in the system.
284 | 285 | .. figure:: images/mantis_admin_iobject_types.PNG 286 | :scale: 50 % 287 | :align: center 288 | 289 | Admin overview of the info object types 290 | 291 | Access to the info object types via the admin interface is especially 292 | relevant, because naming schemas that govern how objects are named 293 | are defined per info object type. 294 | 295 | .. figure:: images/mantis_admin_iobject_type_file_example.PNG 296 | :scale: 50 % 297 | :align: center 298 | 299 | Configuration of naming schemas for file objects 300 | 301 | 302 | .. _Django documentation on customizing authentication: https://docs.djangoproject.com/en/dev/topics/auth/customizing/ 303 | 304 | .. _MITRE STIX conversion of APT-1 report: http://stix.mitre.org/downloads/APT1-STIX.zip 305 | 306 | .. _DINGOS model description: http://django-dingos.readthedocs.org/en/latest/dingos_model_overview.html 307 | 308 | 309 | -------------------------------------------------------------------------------- /docs/setting_up_a_development_environment.rst: -------------------------------------------------------------------------------- 1 | Setting up a development environment 2 | ==================================== 3 | 4 | #. Refer to :doc:`contributing` (section "Getting Started") for information on how to (1) either fork a repository, clone it, 5 | and install it for development purposes, or (2) set up the directory structure for your own Django app that will 6 | contribute to the Mantis framework. 7 | 8 | #. Choose a development environment of your liking. Here is how you can set up 9 | `PyCharm`_ Professional Edition in support of development for Django: 10 | * Start up PyCharm and enter your license information.
   * Before opening a project/folder, go to ``Configure -> Settings`` and adjust the following:

     - Use the search box in the settings dialog to find the place where you can configure the proxy settings:
     - Configure the python environment under "Project Interpreter" -> "Python Interpreters"
       Click on the "+", then on "Local..."
       Select ``/bin/python``, and click "Ok"
     - Click on "Ok" to close the settings window.

   * Open the project folder: select "Open Directory" and choose your source directories

   * Before being able to run the django-mantis project, you have to adjust the "Run/Debug Configurations" (wait for the indexer to finish...)

     - In the menubar, click on "Run" -> "Edit Configurations"
     - Select the "django-mantis" in the displayed tree on the left
     - In the right pane, add the following to the "Additional options:" ``--settings=mantis.settings.local_psql`` or ``--settings=mantis.settings.local``

   * You should now be able to run the django server by clicking the play button.

.. _PyCharm: http://www.jetbrains.com/pycharm/

--------------------------------------------------------------------------------
/docs/what_mantis_is.rst:
--------------------------------------------------------------------------------
========================
What MANTIS is and isn't
========================

MANTIS

* *isn't* a finished tool or even project: we like to think that it provides
  a solid basis on which cyber-threat intelligence management can be built,
  but if you expect something that out of the box covers all aspects
  of cyber-threat intelligence management, MANTIS isn't for you.

* (currently) *isn't* a tool fit for importing *huge* datasets. It can
  import fairly large XML documents such as the `MITRE STIX conversion
  of the APT-1 report`_, but this takes a while (expect 20-30 minutes
  or so.)
  So do not expect to be able to throw, e.g., dozens and
  dozens of MAEC files with sizes of several 100MBs into the system:
  the generic importer is not fit for such sizes.

  This situation may change at some point in time with more streamlined
  importers, but MANTIS is really not intended to deal with very big data
  the way log management solutions such as Splunk et al. are.

What MANTIS is:

* MANTIS provides an example implementation of a framework for
  managing cyber threat intelligence expressed in standards such as
  STIX, CybOX, IODEF, etc. The aims of providing such an example
  implementation are:

  * To aid discussions about emerging standards such as STIX, CybOX et al.
    with respect to questions regarding tooling: how would a certain
    aspect be implemented, how do changes affect an implementation? Such
    discussions become much easier and have a better basis if they can
    be led in the context of example tooling that is known to
    the community.

  * To lower the entrance barrier for organizations and teams (esp.
    CERT teams) in using emerging standards for cyber-threat
    intelligence management and exchange.

  * To provide a platform on the basis of which research and
    community-driven development in the area of cyber-threat
    intelligence management can occur.

* Even though MANTIS is in no way a complete system, it already does
  cover a first use case: MANTIS provides an information repository
  into which cyber threat intelligence received in STIX/CybOX, OpenIOC
  and IODEF can be imported in a meaningful way that allows browsing,
  filtering and searching for information. Thus, MANTIS can be used as
  information base for keeping all the information you receive and
  information you generate yourself that is expressed in one of the
  currently supported standards.
  Because the importer is highly
  configurable, importers for other structured data should not be too
  difficult to write (and will hopefully be shared with the
  community ...).


.. _MITRE STIX conversion of the APT-1 report: http://stix.mitre.org/downloads/APT1-STIX.zip
--------------------------------------------------------------------------------
/manage.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
import os
import sys

if __name__ == "__main__":
    # The settings package is mantis/settings; the quickstart scripts
    # override this default with --settings.
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mantis.settings")

    from django.core.management import execute_from_command_line

    execute_from_command_line(sys.argv)
--------------------------------------------------------------------------------
/mantis/__init__.py:
--------------------------------------------------------------------------------
__version__ = '0.2.1'

try:
    import menus
except Exception:
    # menus.py resolves URLs at import time, which can fail before Django
    # is fully configured; urls.py imports it again later.
    pass

--------------------------------------------------------------------------------
/mantis/apps/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bgro/django-mantis/41014338691ce9954128c1e312b3a7c10fc39a61/mantis/apps/__init__.py
--------------------------------------------------------------------------------
/mantis/assets/css/styles.css:
--------------------------------------------------------------------------------
/*! project specific CSS goes here. */
--------------------------------------------------------------------------------
/mantis/assets/js/scripts.js:
--------------------------------------------------------------------------------
/* Project specific Javascript goes here.
*/
--------------------------------------------------------------------------------
/mantis/menus.py:
--------------------------------------------------------------------------------
from menu import Menu, MenuItem
from django.core.urlresolvers import reverse

Menu.add_item( "mantis_main",
               MenuItem("List, Filter & Search", "",
                        weight = 50,
                        children = (
                            MenuItem("Info Object List (generic filter)", reverse("url.dingos.list.infoobject.generic"), weight = 40 ),
                            MenuItem("Info Object List (filter by ID)", reverse("url.dingos.list.infoobject.by_id"), weight = 50 ),
                            MenuItem("Fact Search (simple)", reverse("url.dingos.search.fact.simple"), weight = 40 ),
                            MenuItem("Fact Search (unique)", reverse("url.dingos.search.fact.simple.unique"), weight = 40 ),
                        ),

                        )
               )



Menu.add_item( "mantis_main",
               MenuItem("Saved Filters/Searches", "",
                        weight = 50,
                        children = ()

                        )
               )


def user_name(request):
    if request.user.is_authenticated():
        return request.user.username
    else:
        return "Not logged in"

def login_name(request):
    if request.user.is_authenticated():
        return "Log out"
    else:
        return "Log in"


Menu.add_item( "mantis_main",
               MenuItem(user_name,
                        "",
                        weight = 50,
                        children = (MenuItem("Edit user config", reverse("url.dingos.admin.view.userprefs"), weight = 40 ),
                                    MenuItem("Edit saved searches", reverse("url.dingos.admin.edit.savedsearches"), weight = 40 ),
                                    MenuItem(login_name,
                                             reverse("admin:logout"),
                                             weight = 40,
                                             # Seems that the check functionality of simple menu
                                             # is somehow broken.
                                             #check = lambda request: request.user.is_authenticated())
                                             )
                                    )

                        )
               )

--------------------------------------------------------------------------------
/mantis/models.py:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/mantis/settings/__init__.py:
--------------------------------------------------------------------------------
from .base import *

__version__ = '0.1.0'
--------------------------------------------------------------------------------
/mantis/settings/base.py:
--------------------------------------------------------------------------------
import sys
from os.path import join, abspath, dirname

import os

from django.core.exceptions import ImproperlyConfigured

def get_env_variable(var_name):
    """ Get the environment variable or raise ImproperlyConfigured """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        raise ImproperlyConfigured(error_msg)


# PATH vars

here = lambda *x: join(abspath(dirname(__file__)), *x)
PROJECT_ROOT = here("..")
root = lambda *x: join(abspath(PROJECT_ROOT), *x)

sys.path.insert(0, root('apps'))


# Make this unique, and don't share it with anybody.
SECRET_KEY = "CHANGE THIS"

# Configuration for apps used in the framework

## Grappelli

# The title of the menu bar

GRAPPELLI_ADMIN_TITLE = "MANTIS Cyber Threat Info Management"

## DINGOS

DINGOS = {
    # The OWN_ORGANIZATION_ID_NAMESPACE is used as default namespace for object identifiers
    # if no namespace is provided
    'OWN_ORGANIZATION_ID_NAMESPACE': 'own.organization.com',

    # We do not want to write really large values to the FactValue table:
    # with the current postgresql config, large values make trouble,
    # because we enforce uniqueness on the FactValue table, and that
    # requires indexing, which fails with the default config.
    # This may be overcome by tweaking indexing in Postgresql. Until
    # then, use a maximum size limit no larger than 2048.
    'DINGOS_MAX_VALUE_SIZE_WRITTEN_TO_VALUE_TABLE' : 2048,
    # The possible destinations for large values are:
    # - DINGOS_BLOB_TABLE: a dedicated table for large values
    # - DINGOS_FILE_SYSTEM: the file system
    # - DINGOS_VALUES_TABLE: write to the values table anyways
    'LARGE_VALUE_DESTINATION' : 'DINGOS_BLOB_TABLE',
    # - The BLOB_ROOT specifies the location on the filesystem to which large values are written
    'BLOB_ROOT' : root('blobs'),

    # Later versions of DINGOS may support other CSS frameworks. Until then, the
    # template family must remain 'grappelli'
    'TEMPLATE_FAMILY' : 'grappelli',

    # Below, we define sample saved searches. These only make sense if
    # the import commands for the default naming schemas have been carried out in
    # exactly the same order as specified in the quickstart(_psql).sh scripts --
    # otherwise, the identifiers specified in the searches (here '72' for InfoObjectType
    # STIX_Package) will not work.
    'DINGOS_DEFAULT_SAVED_SEARCHES' : {
        'dingos' : [
            { 'priority' : "0",
              'title' : 'Filter for STIX Packages',
              'view' : 'url.dingos.list.infoobject.generic',
              'parameter' : 'iobject_type=72',
              }
        ],
    },
    'DINGOS_DEFAULT_USER_PREFS' : {
        'dingos' : { 'widgets' :
                         {'embedded_in_objects' :
                              {'lines' : {'@description': """Max. number of objects displayed in
                                                             widget listing the objects in which the
                                                             current object is embedded.""",
                                          '_value' : '5'}
                               } ,
                          },
                     'view' :
                         {'pagination':
                              {'lines' : {'@description': """Max. number of lines displayed in
                                                             paginated views.""",
                                          '_value' : '20'},
                               },
                          'orientation' : {'@description': """Layout orientation. Possible values are 'auto', 'vertical' and
                                                              'horizontal'.""",
                                           '_value' : 'auto'}
                          }

                     }
    }
}

DEBUG = False
TEMPLATE_DEBUG = DEBUG

ADMINS = ()

MANAGERS = ADMINS

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'django',
        'USER': 'mantis',
        'PASSWORD': '',
        'HOST': '',
        'PORT': '',
    }
}


# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
ALLOWED_HOSTS = []

# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# In a Windows environment this must be set to your system time zone.
TIME_ZONE = 'Europe/Berlin'

# Language code for this installation.
# All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = 'en-us'

SITE_ID = 1

# If you set this to False, Django will make some optimizations so as not
# to load the internationalization machinery.
USE_I18N = False

# If you set this to False, Django will not format dates, numbers and
# calendars according to the current locale.
USE_L10N = True

# If you set this to False, Django will not use timezone-aware datetimes.
USE_TZ = True

# Absolute filesystem path to the directory that will hold user-uploaded files.
# Example: "/var/www/example.com/media/"
MEDIA_ROOT = root('assets', 'uploads')

# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash.
# Examples: "http://media.lawrence.com/media/", "http://example.com/media/"
MEDIA_URL = '/media/'

# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/home/media/media.lawrence.com/static/"
STATIC_ROOT = root('static')

# URL prefix for static files.
# Example: "http://media.lawrence.com/static/"
STATIC_URL = '/static/'

# Additional locations of static files
STATICFILES_DIRS = (
    root('assets'),
)

# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
)

# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
)

MIDDLEWARE_CLASSES_list = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

MIDDLEWARE_CLASSES = tuple(MIDDLEWARE_CLASSES_list)


# Add context processors
# (without these, templates have no access to request etc.)

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.request',
)

ROOT_URLCONF = 'mantis.urls'

# Python dotted path to the WSGI application used by Django's runserver.
WSGI_APPLICATION = 'mantis.wsgi.application'

TEMPLATE_DIRS = (
    root('templates'),
)

INSTALLED_APPS_list = [
    'grappelli',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.admin',
    'django.contrib.admindocs',
    # We use django-simplemenu for displaying menu structures
    'menu',
    # Below, the MANTIS components are installed
    'dingos',
    'mantis_core',
    'mantis_openioc_importer',
    'mantis_stix_importer',
    'mantis_iodef_importer',

    #
    # Uncomment below to include TAXII SERVICES and YETI from MITRE's
    # TAXII PoC implementation YETI

    # (you must make these available to Django, e.g. by symlinking
    # the app directories into the 'django-mantis' directory;).
    # in order to use the taxii services, you must also
    # append the url.py configuration
    #
    #'taxii_services',
    #'yeti',
]

INSTALLED_APPS = tuple(INSTALLED_APPS_list + ['south'])

PROJECT_APPS = ()

INSTALLED_APPS += PROJECT_APPS


# A sample logging configuration. The only tangible logging
# performed by this configuration is to send an email to
# the site admins on every HTTP 500 error when DEBUG=False.
# See http://docs.djangoproject.com/en/dev/topics/logging for
# more details on how to customize your logging configuration.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse'
        }
    },
    'formatters': {
        'verbose': {
            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
        },
        'simple': {
            'format': '%(levelname)s %(module)s %(message)s'
        },
    },
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler'
        },
        'null': {
            'level': 'DEBUG',
            'class': 'django.utils.log.NullHandler',
        },
        'console':{
            'level': 'DEBUG',
            'class': 'logging.StreamHandler',
            'formatter': 'simple'
        },
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
    }
}

--------------------------------------------------------------------------------
/mantis/settings/local.py:
--------------------------------------------------------------------------------
from .base import *


#
# Settings that help with debugging
#


DEBUG = True

TEMPLATE_DEBUG = \
    DEBUG

TEMPLATE_STRING_IF_INVALID = "INVALID EXPRESSION: '%s'"

#
# To add the django-debug-toolbar (an essential tool for own development)
# try uncommenting the lines below.
# If you run into an issue with this (error messages 'NoReverseMatch: u'djdt' is not a registered namespace'),
# you can instead try the explicit setup of the debug toolbar as described at
# http://django-debug-toolbar.readthedocs.org/en/1.0/installation.html#explicit-setup
#

#MIDDLEWARE_CLASSES_list.append('debug_toolbar.middleware.DebugToolbarMiddleware')
#INSTALLED_APPS_list.append('debug_toolbar')
#INTERNAL_IPS = ('127.0.0.1',)


# Configure middleware classes and installed apps


MIDDLEWARE_CLASSES = tuple(MIDDLEWARE_CLASSES_list)

INSTALLED_APPS = tuple(INSTALLED_APPS_list
                       + ['south'])

# Add loggers

STANDARD_CONSOLE_LOGLEVEL = 'INFO'

LOGGING['loggers']['dingos'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}

LOGGING['loggers']['mantis'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}


LOGGING['loggers']['mantis_openioc_importer'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}

LOGGING['loggers']['mantis_stix_importer'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}

LOGGING['loggers']['mantis_iodef_importer'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}

LOGGING['loggers']['mantis_taxii'] = {
    'handlers': ['console'],
    'level': STANDARD_CONSOLE_LOGLEVEL,
    'propagate': True,
}



ADMINS = (
)

MANAGERS = ADMINS



DATABASES = {
    'default':
    {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': '/tmp/django-mantis_test.db',
        'USER': '',
        'PASSWORD': '',
        'HOST': '',
        'PORT': '',
    }
}

--------------------------------------------------------------------------------
/mantis/settings/local_psql.py:
--------------------------------------------------------------------------------
from .local import *


DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2', #'django.db.backends.mysql', #'django.db.backends.postgresql_psycopg2', # 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
        'NAME': 'django', # Or path to database file if using sqlite3.
        'USER': 'mantis', # Not used with sqlite3.
        'PASSWORD': 'mantis', # Not used with sqlite3.
        'HOST': 'localhost', # Set to empty string for localhost. Not used with sqlite3.
        'PORT': '5432', # Set to empty string for default. Not used with sqlite3.
    }
}


--------------------------------------------------------------------------------
/mantis/settings/production.py:
--------------------------------------------------------------------------------
from .base import *


# Keep DEBUG off in production: debug error pages expose settings
# and stack traces.
DEBUG = False
TEMPLATE_DEBUG = DEBUG

ADMINS = (
)

MANAGERS = ADMINS


# Take the secret key from the environment so that the placeholder
# value from base.py is never used.
SECRET_KEY = get_env_variable('DJANGO_SECRET_KEY')

# ALLOWED_HOSTS is empty in base.py and must list the served host names
# once DEBUG is False.

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'django',
        'USER': 'mantis',
        'PASSWORD': get_env_variable('DJANGO_DB_PASSWORD'),
        'HOST': '',
        'PORT': '',
    }
}
--------------------------------------------------------------------------------
/mantis/settings/testing.py:
--------------------------------------------------------------------------------
from .base import *
--------------------------------------------------------------------------------
/mantis/templates/404.html:
--------------------------------------------------------------------------------
{% extends "base.html" %}

{% block title %}Page Not found{% endblock %}

{% block content %}

This is not the page you were looking for.

{% endblock content %}
--------------------------------------------------------------------------------
/mantis/templates/500.html:
--------------------------------------------------------------------------------
{% extends "base.html" %}

{% block title %}Server Error{% endblock %}

{% block content %}

Whoops!

{% endblock content %}
--------------------------------------------------------------------------------
/mantis/templates/base.html:
--------------------------------------------------------------------------------
{% load staticfiles %}

{% block title %}{{cookiecutter.project_name}}{% endblock title %}

{% block css %}
{% endblock %}


{% block content %}

Use this document as a way to quick start any new project.

{% endblock content %}


{% block javascript %}
{% endblock javascript %}

--------------------------------------------------------------------------------
/mantis/templates/dingos/grappelli/base.html:
--------------------------------------------------------------------------------
{% extends "admin/base_site.html" %}

{% comment %}
Copyright (c) Siemens AG, 2013

This file is part of MANTIS. MANTIS is free software: you can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}

{% load staticfiles %}

{% block stylesheets %}
{{ block.super }}
{% endblock %}

{% block nav-global %}
{% load menu %}
{% generate_menu %}
{% endblock %}

{% block userlinks %}
{% endblock %}

{% load dingos_tags %}

{% block content_title %}

{{ title }}

{% endblock %}

{% block title %}{% create_title title %}{% endblock %}

{% block breadcrumbs %}

{% comment %}
{% if view.breadcrumbs %}
{% for breadcrumb in view.breadcrumbs %}
{% if forloop.last %}
{% block last_crumb %}
{{breadcrumb.0}}
{% endblock %}
{% elif breadcrumb.1 %}
{{breadcrumb.0}}
{% else %}
{{breadcrumb.0}}
{% endif %}
{% endfor %}
{% else %}
RELOAD
{% endif %}
{% endcomment %}

{% endblock %}

--------------------------------------------------------------------------------
/mantis/urls.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
from __future__ import unicode_literals

from django.conf import settings
from django.conf.urls import patterns, include, url
from django.conf.urls.static import static

# Enable the admin:
from django.contrib import admin
admin.autodiscover()

urlpatterns = patterns('',
    # Grappelli URLs
    (r'^grappelli/', include('grappelli.urls')),

    # Admin documentation:
    url(r'^admin/doc/', include('django.contrib.admindocs.urls')),

    # Admin Interface
    url(r'^admin/', include(admin.site.urls)),

    # MANTIS Urls -- currently, we just take the stuff from DINGOS
    # but that is likely to change soon

    url(r'^mantis/', include('dingos.urls')),

    # Uncomment below to include URLs of MITRE's Yeti PoC app
    #url(r'^taxii/', include('yeti.urls')),

) + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)


# We have to import menus.py somewhere after the URLs have been configured.
# So, for now, we do it here. We used to do it in models.py, but for
# some reason (probably a change in django proper), this stopped working.



import menus

--------------------------------------------------------------------------------
/mantis/wsgi.py:
--------------------------------------------------------------------------------
"""
WSGI config for project.

This module contains the WSGI application used by Django's development server
and any production WSGI deployments. It should expose a module-level variable
named ``application``.
Django's ``runserver`` and ``runfcgi`` commands discover
this application via the ``WSGI_APPLICATION`` setting.

Usually you will have the standard Django WSGI application here, but it also
might make sense to replace the whole Django WSGI application with a custom one
that later delegates to the Django one. For example, you could introduce WSGI
middleware here, or combine a Django application with an application of another
framework.

"""
import os
from os.path import abspath, dirname
from sys import path

SITE_ROOT = dirname(dirname(abspath(__file__)))
path.append(SITE_ROOT)


# The settings package is mantis/settings.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mantis.settings")


from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
--------------------------------------------------------------------------------
/quickstart.rst:
--------------------------------------------------------------------------------
===================================================================================
QUICKSTART
===================================================================================

In the ``django-mantis`` folder, do the following:

- For easy demo usage with SQLite, do::

     (mantis)$ bash quickstart.sh

  (Note that this uses a SQLite database file located in the ``/tmp`` directory:
  any imports you do in Mantis will therefore not survive a system restart.
  You can move the location of the SQLite database by modifying
  the line reading ``'/tmp/django-mantis_test.db'`` in ``mantis/settings/local.py``.)

- For usage with an existing and configured postgresql database, do::

     (mantis)$ bash quickstart_psql.sh


**The script will ask whether, at this stage, you want to create an administrative
user for Django. Answer with *yes* and provide user name, email address and password**.

In detail, the bash script will do the following:

#) Run the Django ``syncdb`` command, which

   #) creates tables for the models of all applications that are *not*
      using the Django `South`_ application for database migrations.
   #) asks you for user name, email address and password of an administrative Django user
      (you will need this username and password later to log on)

#) Carry out (initial) database migrations for all MANTIS components
   using the `South`_ migrations that are part of the components' distribution
   (in subdirectory ``migrations``)

#) Configure default naming schemata for the existing importer modules
   of MANTIS via calling the command ``mantis__set_naming`` for
   each such module

#) Carry out the Django ``collectstatic`` command, which copies over
   the static files for all applications to the ``static`` folder
   configured in the settings of MANTIS

#) Show you (via the ``less`` command) this file and (after you quit ``less``),
   print the file to the console

#) Start the testing web server running MANTIS via Django's ``runserver`` command
   on port 8000.
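
The quickstart steps above run everything with ``mantis.settings.local``; a deployment instead layers a production module on ``base.py`` through ``from .base import *``. The following added example (Python 3, not part of the MANTIS code base) statically layers settings modules in that order and reports deployment problems without importing Django. ``BASE_SRC`` follows the defaults in ``mantis/settings/base.py``; the two override excerpts, the finding names and the host ``mantis.example.org`` are constructed for the illustration.

```python
import ast

FROM_CALL = object()   # value produced by a call, e.g. get_env_variable(...)
UNKNOWN = object()     # anything else that cannot be resolved statically

# Constructed excerpts (not the full files). BASE_SRC follows the defaults in
# mantis/settings/base.py; the two override modules are made up for this example.
BASE_SRC = '''
SECRET_KEY = "CHANGE THIS"
DEBUG = False
TEMPLATE_DEBUG = DEBUG
ALLOWED_HOSTS = []
DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
                         'NAME': 'django', 'USER': 'mantis', 'PASSWORD': ''}}
'''

BROKEN_SRC = '''
from .base import *
DEBUG = True
TEMPLATE_DEBUG = DEBUG
get_env_variable('DJANGO_SECRET_KEY')
DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
                         'NAME': 'django', 'USER': 'mantis', 'PASSWORD': 'mantis'}}
'''

HARDENED_SRC = '''
from .base import *
DEBUG = False
TEMPLATE_DEBUG = DEBUG
SECRET_KEY = get_env_variable('DJANGO_SECRET_KEY')
ALLOWED_HOSTS = ['mantis.example.org']
DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
                         'NAME': 'django', 'USER': 'mantis',
                         'PASSWORD': get_env_variable('DJANGO_DB_PASSWORD')}}
'''


def evaluate(node, known):
    """Resolve a settings value without executing the module."""
    if isinstance(node, ast.Call):
        return FROM_CALL
    if isinstance(node, ast.Name) and node.id in known:
        return known[node.id]          # e.g. TEMPLATE_DEBUG = DEBUG
    if isinstance(node, ast.Dict):
        return {k.value: evaluate(v, known)
                for k, v in zip(node.keys, node.values)
                if isinstance(k, ast.Constant)}
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return UNKNOWN


def load_layers(sources):
    """Apply modules in import order (base first); later assignments win."""
    settings, discarded = {}, []
    for src in sources:
        for stmt in ast.parse(src).body:
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                settings[stmt.targets[0].id] = evaluate(stmt.value, settings)
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                call = stmt.value
                if getattr(call.func, "id", None) == "get_env_variable" and call.args:
                    # The lookup is executed, but its result is thrown away.
                    discarded.append(evaluate(call.args[0], settings))
    return settings, discarded


def audit(sources):
    """Return finding codes for a stack of settings modules."""
    settings, discarded = load_layers(sources)
    findings = []
    for flag in ("DEBUG", "TEMPLATE_DEBUG"):
        if settings.get(flag) is True:
            findings.append(flag + "_ENABLED")
    if isinstance(settings.get("SECRET_KEY"), str):
        findings.append("SECRET_KEY_LITERAL")
    if settings.get("ALLOWED_HOSTS") in ([], ()):
        findings.append("ALLOWED_HOSTS_EMPTY")
    databases = settings.get("DATABASES")
    default_db = databases.get("default") if isinstance(databases, dict) else None
    password = default_db.get("PASSWORD") if isinstance(default_db, dict) else None
    if isinstance(password, str) and password:
        findings.append("DB_PASSWORD_LITERAL")
    findings.extend("DISCARDED_ENV_LOOKUP:%s" % name for name in discarded)
    return findings


if __name__ == "__main__":
    for label, override in (("broken", BROKEN_SRC), ("hardened", HARDENED_SRC)):
        print(label, audit([BASE_SRC, override]))
```

A bare ``get_env_variable(...)`` statement still fails when the variable is unset, which makes it look like a working check even though ``SECRET_KEY`` keeps the placeholder from ``base.py``.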

Then try out the following:

- Download: http://stix.mitre.org/downloads/APT1-STIX.zip and extract the files

- For the files Mandiant_APT1_Report.xml and Appendix_G_IOCs_Full.xml do
  the following:

  - If you are using SQLite::

       python manage.py mantis_stix_import --settings=mantis.settings.local --trace\
          --marking_json=quickstart_examples/markings/minimal_marking.json\
          --marking_pfill=source "Mandiant APT 1 Report"\


  - If you are using postgresql::

       python manage.py mantis_stix_import --settings=mantis.settings.local_psql --trace\
          --marking_json=quickstart_examples/markings/minimal_marking.json\
          --marking_pfill=source "Mandiant APT 1 Report"\


  Start with Mandiant_APT1_Report.xml: that goes relatively fast;
  Appendix_G_IOCs_Full.xml will take about 20 minutes or so to import.

  **ATTENTION**: The import of large files takes quite a bit of memory (probably there is a memory leak
  somewhere, which will be ironed out in a future release). Be sure to give the system/virtual machine
  you are running the import of ``Appendix_G_IOCs_Full.xml`` on a fair amount of memory (4 GB definitely
  works).


- Start the server (if the quickstart-script has not started it already for you)
  with

  - If you are using SQLite::

       python manage.py runserver 8000 --traceback --settings=mantis.settings.local

  - If you are using postgresql::

       python manage.py runserver 8000 --traceback --settings=mantis.settings.local_psql

- Browse to::

     127.0.0.1:8000/mantis/View/InfoObject


  and start looking around:

  - Select a filter for ``stix.mitre.org:STIX_Package``
    in the filter box in the top-right corner.

  - This will show you all ``STIX_Package``
    objects that are in the system (two, if you imported both ``Mandiant_APT1_Report.xml``
    and ``Appendix_G_IOCs_Full.xml``).

  - Click on one of the two objects and start
    exploring (have a look at the screenshots in the documentation for
    a quick guide through the application.)

You can also have a look at the Django admin interface at::

   127.0.0.1:8000/admin


.. _South: http://south.readthedocs.org/en/latest/

--------------------------------------------------------------------------------
/quickstart.sh:
--------------------------------------------------------------------------------
python manage.py syncdb --traceback --settings=mantis.settings.local
python manage.py migrate dingos --traceback --settings=mantis.settings.local
python manage.py migrate mantis_core --traceback --settings=mantis.settings.local
python manage.py mantis_openioc_set_naming --settings=mantis.settings.local --trace
python manage.py mantis_stix_set_naming --settings=mantis.settings.local --trace
python manage.py collectstatic --settings=mantis.settings.local --trace
less quickstart.rst
cat quickstart.rst
python manage.py runserver 8000 --traceback --settings=mantis.settings.local

--------------------------------------------------------------------------------
/quickstart_examples/markings/minimal_marking.json:
--------------------------------------------------------------------------------
{"Mechanism" : {"Category":"Commandline Import",
                "User": "DINGO[_username]",
                "Commandline": {"Command":"DINGO[_command]",
                                "KeywordArguments":"DINGO[_kargs]",
                                "Arguments":"DINGO[_args]"}
               },
 "Source" : "DINGO[source]"}
--------------------------------------------------------------------------------
/quickstart_psql.sh:
--------------------------------------------------------------------------------
python manage.py syncdb --traceback --settings=mantis.settings.local_psql
python manage.py migrate dingos --traceback --settings=mantis.settings.local_psql
python manage.py migrate mantis_core --traceback --settings=mantis.settings.local_psql
python manage.py mantis_openioc_set_naming --settings=mantis.settings.local_psql --trace
python manage.py mantis_stix_set_naming --settings=mantis.settings.local_psql --trace
python manage.py collectstatic --settings=mantis.settings.local_psql --trace
less quickstart.rst
cat quickstart.rst
python manage.py runserver 8000 --traceback --settings=mantis.settings.local_psql

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# This file is here because many Platforms as a Service look for
# requirements.txt in the root directory of a project.
-r requirements/production.txt
--------------------------------------------------------------------------------
/requirements/base.txt:
--------------------------------------------------------------------------------
# Versions are left out on purpose in order for you to use the latest ones.
# After the first "pip install -r", just run "pip freeze" and add the version
# to each package in each requirements/*.txt.

docutils>=0.10
Django>=1.6
South>=0.7.6

#For some reason, django-simple-menus cannot be installed together in
#one go with Django; so we take it out
#django-simple-menu>=1.0.6

django-dingos>=0.2.1,<0.3.0
django-mantis-core>=0.2.0,<0.3.0
django-mantis-stix-importer>=0.2.0,<0.3.0
django-mantis-openioc-importer>=0.2.0,<0.3.0
django-mantis-iodef-importer>=0.1.0,<0.3.0

--------------------------------------------------------------------------------
/requirements/local.txt:
--------------------------------------------------------------------------------
-r testing.txt

django-debug-toolbar>=0.10.2
Sphinx
--------------------------------------------------------------------------------
/requirements/production.txt:
--------------------------------------------------------------------------------
-r base.txt

--------------------------------------------------------------------------------
/requirements/testing.txt:
--------------------------------------------------------------------------------
-r base.txt

mock
model-mommy
--------------------------------------------------------------------------------
/upgrade.sh:
--------------------------------------------------------------------------------
echo "Upgrading from v0.1.0 to v0.2.0"
echo "==============================="
echo ""
echo "Adding tables for models that have been introduced in v0.2.0"
echo "------------------------------------------------------------"
python manage.py migrate dingos --traceback --settings=mantis.settings.local
echo ""
echo "Adding static files that have been introduced in v0.2.0"
echo "------------------------------------------------------------"
python manage.py collectstatic --settings=mantis.settings.local --trace

--------------------------------------------------------------------------------
/upgrade_psql.sh:
--------------------------------------------------------------------------------
echo "Upgrading from v0.1.0 to v0.2.0"
echo "==============================="
echo ""
echo "Adding tables for models that have been introduced in v0.2.0"
echo "------------------------------------------------------------"
python manage.py migrate dingos --traceback --settings=mantis.settings.local_psql
echo ""
echo "Adding static files that have been introduced in v0.2.0"
echo "------------------------------------------------------------"
python manage.py collectstatic --settings=mantis.settings.local_psql --trace

--------------------------------------------------------------------------------
/vagrant/README.txt:
--------------------------------------------------------------------------------
This directory contains vagrant files for automated provisioning
of virtual machines running Mantis using Vagrant (www.vagrantup.com).
Please refer to Mantis's documentation regarding installation
of Mantis for details.
--------------------------------------------------------------------------------
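The comment at the top of requirements/base.txt asks you to run "pip freeze" after the first install and add the version to each package by hand. The following is an added example, not part of the MANTIS repository, that applies a freeze listing to a requirements file and reports entries that cannot be pinned safely. The freeze output is constructed sample data, and the names `pin`, `norm` and `vtuple` are hypothetical helpers.

```python
import operator
import re

# Entries from requirements/base.txt as shown on this page (abridged).
BASE_TXT = """\
docutils>=0.10
Django>=1.6
#django-simple-menu>=1.0.6
django-dingos>=0.2.1,<0.3.0
django-mantis-core>=0.2.0,<0.3.0
"""
# Constructed `pip freeze` output; the version numbers are sample values only.
FREEZE = """\
Django==1.6.1
docutils==0.11
django-dingos==0.3.0
"""
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "<": operator.lt, ">": operator.gt}

def norm(name):  # PEP 503 normalisation, so "Django" matches "django"
    return re.sub(r"[-_.]+", "-", name).lower()

def vtuple(version, width=4):  # "0.10" -> (0, 10, 0, 0); numeric versions only
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def pin(requirements, freeze):
    """Return (pinned_lines, problems) for the text of one requirements file."""
    frozen = {norm(n): v for n, sep, v in
              (line.partition("==") for line in freeze.splitlines()) if sep}
    pinned, problems = [], []
    for line in requirements.splitlines():
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", line)
        if not m:                      # comment, blank line or "-r" include
            pinned.append(line)
            continue
        name, spec = m.groups()
        version = frozen.get(norm(name))
        if version is None:
            bad = [f"{name}: not installed, left unpinned"]
        else:                          # installed version must fit the declared range
            bad = [f"{name}: installed {version} violates {op}{bound}"
                   for op, bound in re.findall(r"(>=|<=|==|<|>)\s*([\d.]+)", spec)
                   if not OPS[op](vtuple(version), vtuple(bound))]
        problems += bad
        pinned.append(line if bad else f"{name}=={version}")
    return pinned, problems
```

Lines that cannot be pinned are kept unchanged, so an out-of-range or missing package is never written into the pinned file silently.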