[Bps-public-commit] rtir-extension-misp branch master updated. 2fd76a2eb3c9a1ae0faf3c6798207e176818eeca

BPS Git Server git at git.bestpractical.com
Tue Oct 12 15:41:32 UTC 2021 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir-extension-misp".

The branch, master has been updated
       via  2fd76a2eb3c9a1ae0faf3c6798207e176818eeca (commit)
       via  3141c06f46fe4e4f17e43f52ba2bdae5e08f88c2 (commit)
       via  84274e26ea10902368b616fe2e02abe337520249 (commit)
      from  0200ffd96fc6f625df9fab2e28d563566054e6ae (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2fd76a2eb3c9a1ae0faf3c6798207e176818eeca
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Oct 12 23:41:07 2021 +0800

    Link MISP custom fields to MISP site

diff --git a/etc/initialdata b/etc/initialdata
index 8b71cce..6436407 100644
--- a/etc/initialdata
+++ b/etc/initialdata
@@ -6,11 +6,13 @@ our @CustomFields = (
         Type        => 'FreeformSingle',
         Disabled    => 0,
         Queue       => 'Incidents',
+        LinkValueTo => '__MISPURL__/events/view/__CustomField__',
     },
     {   Name        => 'MISP Event UUID',
         Type        => 'FreeformSingle',
         Disabled    => 0,
         Queue       => 'Incidents',
+        LinkValueTo => '__MISPURL__/events/view/__CustomField__',
     },
     {   Name        => 'MISP RTIR Object ID',
         Type        => 'FreeformSingle',
diff --git a/lib/RTIR/Extension/MISP.pm b/lib/RTIR/Extension/MISP.pm
index d06c0d0..cc621b5 100644
--- a/lib/RTIR/Extension/MISP.pm
+++ b/lib/RTIR/Extension/MISP.pm
@@ -336,4 +336,18 @@ sub CreateMISPEvent {
     }
 }
 
+{
+    use RT::ObjectCustomFieldValue;
+    no warnings 'redefine';
+    my $orig = \&RT::ObjectCustomFieldValue::_FillInTemplateURL;
+    *RT::ObjectCustomFieldValue::_FillInTemplateURL = sub {
+        my $self = shift;
+        my $url  = shift;
+        return undef unless defined $url && length $url;
+        my $misp_url = RT->Config->Get('ExternalFeeds')->{MISP}[0]{URI};
+        $url =~ s!__MISPURL__!$misp_url!g;
+        return $orig->( $self, $url );
+    };
+}
+
 1;
commit 3141c06f46fe4e4f17e43f52ba2bdae5e08f88c2
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Oct 12 23:38:00 2021 +0800

    Add more fields in "MISP Event Details" widget

diff --git a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd b/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
index 0537398..9680520 100644
--- a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
+++ b/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
@@ -3,9 +3,17 @@
         title_href => $event_link,
         class      => 'ticket-info-cfs',
 &>
-<p>ID: <% $misp_json->{Event}{id} %></p>
-<p>UUID: <% $misp_json->{Event}{uuid} %></p>
-<p>Date: <% $misp_json->{Event}{date} %></p>
+
+% for my $field ( sort keys %info ) {
+<div class="form-row">
+  <div class="col-3 label"><% loc($field) %></div>
+  <div class="col-9 value">
+    <span class="current-value">
+      <% $info{$field} // '' %>
+    </span>
+  </div>
+</div>
+% }
 </&>
 <%init>
 my $event_id = $Ticket->FirstCustomFieldValue('MISP Event ID');
@@ -14,6 +22,20 @@ return unless $event_id;
 my $event_link = RTIR::Extension::MISP::GetMISPBaseURL() . "/events/view/$event_id";
 my $misp_json = RTIR::Extension::MISP::FetchEventDetails($event_id);
 
+my %info;
+my %threat_map = ( 1 => 'High', 2 => 'Medium', 3 => 'Low', 4 => 'Undefined' );
+$info{'Threat Level'} = $threat_map{ $misp_json->{Event}{threat_level_id} };
+
+my %analysis_map = ( 0 => 'Initial', 1 => 'Ongoing', 3 => 'Completed' );
+$info{'Analysis'} = $analysis_map{ $misp_json->{Event}{analysis} };
+
+$info{'Creator org'} = $misp_json->{Event}{Orgc}{name};
+$info{'Owner org'} = $misp_json->{Event}{Org}{name};
+$info{'Date'} = $misp_json->{Event}{date};
+$info{'Published'} = $misp_json->{Event}{published} ? 'Yes' : 'No';
+
+my $object_count = scalar @{$misp_json->{Event}{Object}};
+$info{'#Attribute'} = "$misp_json->{Event}{attribute_count}, ($object_count Objects)";
 </%init>
 <%args>
 $Ticket
commit 84274e26ea10902368b616fe2e02abe337520249
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Oct 12 22:38:57 2021 +0800

    Add UUID::Tiny dep

diff --git a/META.yml b/META.yml
index 0d9e2ed..fde7ce2 100644
--- a/META.yml
+++ b/META.yml
@@ -20,6 +20,7 @@ no_index:
     - html
     - inc
 requires:
+  UUID::Tiny: 0
   perl: 5.10.1
 resources:
   license: http://opensource.org/licenses/gpl-license.php
diff --git a/Makefile.PL b/Makefile.PL
index 95fd1f0..e056a70 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -7,5 +7,7 @@ repository 'https://github.com/bestpractical/rtir-extension-misp';
 requires_rt '5.0.0';
 rt_too_new '5.2.0';
 
+requires 'UUID::Tiny';
+
 sign;
 WriteAll;
-----------------------------------------------------------------------

Summary of changes:
 META.yml                                           |  1 +
 Makefile.PL                                        |  2 ++
 etc/initialdata                                    |  2 ++
 .../RTIR/Incident/Display.html/RightColumnEnd      | 28 +++++++++++++++++++---
 lib/RTIR/Extension/MISP.pm                         | 14 +++++++++++
 5 files changed, 44 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
rtir-extension-misp

More information about the Bps-public-commit mailing list