[Bps-public-commit] rtir-extension-misp branch master updated. f626878577839fa9635838c6f8add47833c012a8
BPS Git Server
git at git.bestpractical.com
Wed Oct 6 20:19:04 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir-extension-misp".
The branch, master has been updated
via f626878577839fa9635838c6f8add47833c012a8 (commit)
via e1cd870cc2b1babc979749d7e56df4ce642ee90d (commit)
via bfe295e220ffdf575ead6fdee52ccb8f69c8a9e3 (commit)
from 6bdbc6f22ed67303213127a18377cadbc735b333 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f626878577839fa9635838c6f8add47833c012a8
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Oct 7 04:11:05 2021 +0800
Add ApiKeyAuth to configuration
The name(ApiKeyAuth) is from "MISP Automation API"
diff --git a/README b/README
index ee4c550..49534ac 100644
--- a/README
+++ b/README
@@ -44,6 +44,7 @@ CONFIGURATION
URI => 'https://mymisp.example.com', # Change to your MISP
Description => 'My MISP Feed',
DaysToFetch => 5, # For the feed page, how many days back to fetch
+ ApiKeyAuth => 'API SECRET KEY', # Change to your real key
},
],
);
diff --git a/etc/MISP_Config.pm b/etc/MISP_Config.pm
index e67049a..6c01381 100644
--- a/etc/MISP_Config.pm
+++ b/etc/MISP_Config.pm
@@ -1,7 +1,7 @@
=pod
This is an example configuration for a MISP feed. Replace the
-URI with the MISP instance you want to query.
+URI/ApiKeyAuth with the MISP instance you want to query.
Set(%ExternalFeeds,
'MISP' => [
@@ -9,6 +9,7 @@ Set(%ExternalFeeds,
URI => 'https://mymisp.example.com',
Description => 'My MISP Feed',
DaysToFetch => 5,
+ ApiKeyAuth => 'API SECRET KEY',
},
],
);
diff --git a/lib/RT/IR/ExternalFeeds_Vendor.pm b/lib/RT/IR/ExternalFeeds_Vendor.pm
index d962898..41f5aaa 100644
--- a/lib/RT/IR/ExternalFeeds_Vendor.pm
+++ b/lib/RT/IR/ExternalFeeds_Vendor.pm
@@ -41,7 +41,7 @@ sub fetch_misp_feed {
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
my $default_headers = HTTP::Headers->new(
- 'Authorization' => '', # REST key goes here, move to configuration
+ 'Authorization' => $self->{misp_feeds}{$name}{ApiKeyAuth},
'Accept' => 'application/json',
'Content-Type' => 'application/json',
);
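Review bot: The API key now placed in the `Authorization` header is sent by a user agent built with `ssl_opts => { verify_hostname => 0 }` (the context line just above), so anyone able to intercept the TLS session can read the key and the feed data. Suggest dropping that option, or making it an explicit per-feed setting that defaults to verification on, e.g. `LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 })`. The same combination appears in `GetUserAgent` in lib/RTIR/Extension/MISP.pm. It would also help to log and return early when `ApiKeyAuth` is unset, since the header would otherwise be sent with an undefined value; `fetch_misp_feed` continues outside this hunk, so an earlier check may already exist.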
diff --git a/lib/RTIR/Extension/MISP.pm b/lib/RTIR/Extension/MISP.pm
index 42000fe..c0351f5 100644
--- a/lib/RTIR/Extension/MISP.pm
+++ b/lib/RTIR/Extension/MISP.pm
@@ -68,6 +68,7 @@ instance you want RTIR to integrate with.
URI => 'https://mymisp.example.com', # Change to your MISP
Description => 'My MISP Feed',
DaysToFetch => 5, # For the feed page, how many days back to fetch
+ ApiKeyAuth => 'API SECRET KEY', # Change to your real key
},
],
);
@@ -132,8 +133,11 @@ This is free software, licensed under:
sub GetUserAgent {
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
+ my $misp_config = RT->Config->Get('ExternalFeeds')->{MISP};
+ RT->Logger->error("Unable to load MISP configuration") unless $misp_config;
+
my $default_headers = HTTP::Headers->new(
- 'Authorization' => '', # Get this from config, add here for now
+ 'Authorization' => $misp_config->[0]{ApiKeyAuth},
'Accept' => 'application/json',
'Content-Type' => 'application/json',
);
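Review bot: When the MISP configuration is missing, the added `RT->Logger->error(...)` line only logs, and execution continues to `$misp_config->[0]{ApiKeyAuth}`, so the headers are built with an undefined `Authorization` value instead of the call stopping. Returning after the log, e.g. `unless ($misp_config) { RT->Logger->error("Unable to load MISP configuration"); return; }`, makes the failure explicit, provided the callers (not visible here) check the result. The key is also always read from the first configured feed (`->[0]`), while `fetch_misp_feed` looks it up per feed name, so a second MISP entry would presumably be queried with the wrong key. `GetUserAgent` continues past the end of this hunk.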
commit e1cd870cc2b1babc979749d7e56df4ce642ee90d
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Oct 7 03:57:54 2021 +0800
Show MISP feeds in a separate widget
diff --git a/html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/AfterFeedsList b/html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/AfterFeedsList
index d7a29fa..06b4c41 100644
--- a/html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/AfterFeedsList
+++ b/html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/AfterFeedsList
@@ -1,3 +1,8 @@
+<&|/Widgets/TitleBox,
+ title => loc("MISP"),
+ class => "fullwidth",
+ bodyclass => "",
+&>
% $$FoundFeedRef = 1;
% my $i = 1;
<div class="table-responsive">
@@ -16,6 +21,7 @@
</table>
</div>
+</&>
<%init>
my ($ok, $msg) = $FeedsObj->InitMISP();
commit bfe295e220ffdf575ead6fdee52ccb8f69c8a9e3
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Oct 7 03:57:06 2021 +0800
Add MISP related custom fields
diff --git a/README b/README
index 5b8a98e..ee4c550 100644
--- a/README
+++ b/README
@@ -20,6 +20,15 @@ INSTALLATION
Plugin('RTIR::Extension::MISP');
+ make initdb
+ Only run this the first time you install this module.
+
+ If you run this twice, you will end up with duplicate data in your
+ database.
+
+ If you are upgrading this module, check for upgrading instructions
+ in case changes need to be made to your database.
+
Clear your mason cache
rm -rf /opt/rt4/var/mason_data/obj
diff --git a/etc/initialdata b/etc/initialdata
new file mode 100644
index 0000000..75c1cc6
--- /dev/null
+++ b/etc/initialdata
@@ -0,0 +1,17 @@
+use strict;
+use warnings;
+
+our @CustomFields = (
+ { Name => 'MISP Event ID',
+ Type => 'FreeformSingle',
+ Disabled => 0,
+ Queue => 'Incidents',
+ },
+ { Name => 'MISP Event UUID',
+ Type => 'FreeformSingle',
+ Disabled => 0,
+ Queue => 'Incidents',
+ },
+);
+
+1;
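Review bot: Both custom fields are `FreeformSingle` with no `Pattern`, so any text is accepted into values that presumably identify MISP events and may later be used to build links or API requests. A validation pattern on each field would keep malformed identifiers out, for example `Pattern => '(?#Digits)^\d*$'` for the event ID and a hex-and-dash pattern for the UUID. Confirm the exact identifier formats against your MISP instance before adding them.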
diff --git a/lib/RTIR/Extension/MISP.pm b/lib/RTIR/Extension/MISP.pm
index 3947f8d..42000fe 100644
--- a/lib/RTIR/Extension/MISP.pm
+++ b/lib/RTIR/Extension/MISP.pm
@@ -39,6 +39,16 @@ Add this line:
Plugin('RTIR::Extension::MISP');
+=item C<make initdb>
+
+Only run this the first time you install this module.
+
+If you run this twice, you will end up with duplicate data
+in your database.
+
+If you are upgrading this module, check for upgrading instructions
+in case changes need to be made to your database.
+
=item Clear your mason cache
rm -rf /opt/rt4/var/mason_data/obj
-----------------------------------------------------------------------
Summary of changes:
README | 10 ++++++++++
etc/MISP_Config.pm | 3 ++-
etc/initialdata | 17 +++++++++++++++++
.../RTIR/Tools/ExternalFeeds.html/AfterFeedsList | 6 ++++++
lib/RT/IR/ExternalFeeds_Vendor.pm | 2 +-
lib/RTIR/Extension/MISP.pm | 16 +++++++++++++++-
6 files changed, 51 insertions(+), 3 deletions(-)
create mode 100644 etc/initialdata
hooks/post-receive
--
rtir-extension-misp