[Bps-public-commit] rtir-extension-misp branch master updated. 7e19767603f07d09b8d2182a4947e303c8999a35
BPS Git Server
git at git.bestpractical.com
Wed Oct 27 20:37:12 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir-extension-misp".
The branch, master has been updated
via 7e19767603f07d09b8d2182a4947e303c8999a35 (commit)
via 39ca8de7f95dcb94efbb849a2e0dcd02e1d092f9 (commit)
via 9d19c362b3dc489892b7eff3973ad1a1581dc648 (commit)
via 85b335830988b2fec731be7d8077ad870548e42c (commit)
via 800c0d6fc5dd0fbc4c6e07b431cebd31f04b4c72 (commit)
from 2fd76a2eb3c9a1ae0faf3c6798207e176818eeca (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7e19767603f07d09b8d2182a4947e303c8999a35
Author: Jim Brandt <jbrandt at bestpractical.com>
Date: Wed Oct 27 16:34:57 2021 -0400
Version 0.02
diff --git a/Changes b/Changes
index a6affe8..284be6d 100644
--- a/Changes
+++ b/Changes
@@ -1,4 +1,13 @@
Revision history for RTIR-Extension-MISP
+0.02 2021-10-27
+ - Support putting MISP ID custom fields in custom field groupings
+ - Document optional custom field grouping configuration
+ - Add UUID::Tiny dependency to Makefile.PL
+ - Add more fields to the MISP Event Details portlet
+ - Link MISP custom fields to the corresponding event in the configured MISP instance
+ - Use the MISP blue color for the MISP portlet
+ - Ajaxify the MISP portlet for faster page load time
+
0.01 2021-10-08
- Initial version
diff --git a/MANIFEST b/MANIFEST
index b2a5db5..60cd922 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -7,6 +7,7 @@ html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/ProcessArguments
html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/AfterFeedsList
html/Callbacks/RTIR-Extension-MISP/RTIR/Tools/ExternalFeeds.html/DisplayFeedContent
+html/Helpers/MISPEventDetails
inc/Module/Install.pm
inc/Module/Install/Base.pm
inc/Module/Install/Can.pm
@@ -27,3 +28,4 @@ MANIFEST This list of files
META.yml
patches/Add-callbacks-to-the-feed-listing-and-display-pages.patch
README
+static/css/rtir-extension-misp.css
diff --git a/META.yml b/META.yml
index 4e75968..4cdee8e 100644
--- a/META.yml
+++ b/META.yml
@@ -26,7 +26,7 @@ requires:
resources:
license: http://opensource.org/licenses/gpl-license.php
repository: https://github.com/bestpractical/rtir-extension-misp
-version: '0.01'
+version: '0.02'
x_module_install_rtx_version: '0.42'
x_requires_rt: 5.0.0
x_rt_too_new: 5.2.0
diff --git a/lib/RTIR/Extension/MISP.pm b/lib/RTIR/Extension/MISP.pm
index b1d656e..617b4cd 100644
--- a/lib/RTIR/Extension/MISP.pm
+++ b/lib/RTIR/Extension/MISP.pm
@@ -6,7 +6,7 @@ use LWP::UserAgent;
use JSON;
use UUID::Tiny ':std';
-our $VERSION = '0.01';
+our $VERSION = '0.02';
RT->AddStyleSheets('rtir-extension-misp.css');
commit 39ca8de7f95dcb94efbb849a2e0dcd02e1d092f9
Merge: 2fd76a2 9d19c36
Author: Jim Brandt <jbrandt at bestpractical.com>
Date: Wed Oct 27 16:26:47 2021 -0400
Merge branch 'ajax-details-widget'
commit 9d19c362b3dc489892b7eff3973ad1a1581dc648
Author: Jim Brandt <jbrandt at bestpractical.com>
Date: Wed Oct 27 16:26:36 2021 -0400
Document optional custom field groupings configuration
diff --git a/README b/README
index b26d356..9be6fd1 100644
--- a/README
+++ b/README
@@ -38,6 +38,7 @@ INSTALLATION
Restart your webserver
CONFIGURATION
+ Base MISP Configuration
Set the following in your RT_SiteConfig.pm with details for the MISP
instance you want RTIR to integrate with.
@@ -52,6 +53,22 @@ CONFIGURATION
],
);
+ MISP Custom Fields
+ If you want to display the MISP ID custom fields in a separate portlet
+ on the incident page, you can customize your custom field portlets with
+ something like this:
+
+ Set(%CustomFieldGroupings,
+ 'RTIR::Ticket' => [
+ 'Networking' => ['IP', 'Domain'],
+ 'Details' => ['How Reported','Reporter Type','Customer',
+ 'Description', 'Resolution', 'Function', 'Classification',
+ 'Customer',
+ 'Netmask','Port','Where Blocked'],
+ 'MISP IDs' => ['MISP Event ID', 'MISP Event UUID'], # Add/remove CFs as needed
+ ],
+ );
+
DETAILS
This integration adds several different ways to work between the MISP
and RTIR systems as described below.
diff --git a/lib/RTIR/Extension/MISP.pm b/lib/RTIR/Extension/MISP.pm
index dc7db4f..b1d656e 100644
--- a/lib/RTIR/Extension/MISP.pm
+++ b/lib/RTIR/Extension/MISP.pm
@@ -65,6 +65,8 @@ in case changes need to be made to your database.
=head1 CONFIGURATION
+=head2 Base MISP Configuration
+
Set the following in your C<RT_SiteConfig.pm> with details for the MISP
instance you want RTIR to integrate with.
@@ -79,6 +81,23 @@ instance you want RTIR to integrate with.
],
);
+=head2 MISP Custom Fields
+
+If you want to display the MISP ID custom fields in a separate portlet on the
+incident page, you can customize your custom field portlets with something
+like this:
+
+ Set(%CustomFieldGroupings,
+ 'RTIR::Ticket' => [
+ 'Networking' => ['IP', 'Domain'],
+ 'Details' => ['How Reported','Reporter Type','Customer',
+ 'Description', 'Resolution', 'Function', 'Classification',
+ 'Customer',
+ 'Netmask','Port','Where Blocked'],
+ 'MISP IDs' => ['MISP Event ID', 'MISP Event UUID'], # Add/remove CFs as needed
+ ],
+ );
+
=head1 DETAILS
This integration adds several different ways to work between the MISP and
commit 85b335830988b2fec731be7d8077ad870548e42c
Author: sunnavy <sunnavy at bestpractical.com>
Date: Tue Oct 26 03:18:59 2021 +0800
Ajaxify MISP widget to speed up main page load
diff --git a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd b/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
index 9589372..675ea81 100644
--- a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
+++ b/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
@@ -1,42 +1,16 @@
-<&| /Widgets/TitleBox,
- title => loc("MISP Event Details"),
- title_href => $event_link,
- class => 'ticket-info-misp',
-&>
+<div class="ticket-info-misp"><&|/l&>Loading...</&></div>
+
+<script type="text/javascript">
+jQuery( function() {
+ jQuery('.ticket-info-misp').load(RT.Config.WebPath + '/Helpers/MISPEventDetails?EventID=<% $event_id %> .titlebox');
+});
+</script>
-% for my $field ( sort keys %info ) {
-<div class="form-row">
- <div class="col-3 label"><% loc($field) %></div>
- <div class="col-9 value">
- <span class="current-value">
- <% $info{$field} // '' %>
- </span>
- </div>
-</div>
-% }
-</&>
<%init>
my $event_id = $Ticket->FirstCustomFieldValue('MISP Event ID');
return unless $event_id;
-
-my $event_link = RTIR::Extension::MISP::GetMISPBaseURL() . "/events/view/$event_id";
-my $misp_json = RTIR::Extension::MISP::FetchEventDetails($event_id);
-
-my %info;
-my %threat_map = ( 1 => 'High', 2 => 'Medium', 3 => 'Low', 4 => 'Undefined' );
-$info{'Threat Level'} = $threat_map{ $misp_json->{Event}{threat_level_id} };
-
-my %analysis_map = ( 0 => 'Initial', 1 => 'Ongoing', 3 => 'Completed' );
-$info{'Analysis'} = $analysis_map{ $misp_json->{Event}{analysis} };
-
-$info{'Creator org'} = $misp_json->{Event}{Orgc}{name};
-$info{'Owner org'} = $misp_json->{Event}{Org}{name};
-$info{'Date'} = $misp_json->{Event}{date};
-$info{'Published'} = $misp_json->{Event}{published} ? 'Yes' : 'No';
-
-my $object_count = scalar @{$misp_json->{Event}{Object}};
-$info{'#Attribute'} = "$misp_json->{Event}{attribute_count}, ($object_count Objects)";
</%init>
+
<%args>
$Ticket
</%args>
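Review bot: In the new `<script>` block, `<% $event_id %>` is written into a JavaScript string literal and a URL query string using only Mason's default escaping, which (assuming RT's usual HTML default) is the wrong encoding for both contexts. The value comes from the 'MISP Event ID' custom field, so whoever can edit that field controls the text, and a space in it would also move the point where jQuery's `.load()` splits the URL from the `.titlebox` selector. I would emit it as a JS value and URL-encode it on the client, e.g. `'/Helpers/MISPEventDetails?EventID=' + encodeURIComponent(<% $event_id |n,j %>) + ' .titlebox'` using RT's `j` escape, and also reject unexpected formats in `<%init>`. Separately, the placeholder stays at "Loading..." if the request fails, so a `.load()` completion callback that shows a short failure message would help.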
diff --git a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd b/html/Helpers/MISPEventDetails
similarity index 76%
copy from html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
copy to html/Helpers/MISPEventDetails
index 9589372..dc48b49 100644
--- a/html/Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd
+++ b/html/Helpers/MISPEventDetails
@@ -6,7 +6,7 @@
% for my $field ( sort keys %info ) {
<div class="form-row">
- <div class="col-3 label"><% loc($field) %></div>
+ <div class="col-3 label"><% loc($field) %>:</div>
<div class="col-9 value">
<span class="current-value">
<% $info{$field} // '' %>
@@ -15,12 +15,11 @@
</div>
% }
</&>
-<%init>
-my $event_id = $Ticket->FirstCustomFieldValue('MISP Event ID');
-return unless $event_id;
-my $event_link = RTIR::Extension::MISP::GetMISPBaseURL() . "/events/view/$event_id";
-my $misp_json = RTIR::Extension::MISP::FetchEventDetails($event_id);
+% $m->abort();
+<%init>
+my $event_link = RTIR::Extension::MISP::GetMISPBaseURL() . "/events/view/$EventID";
+my $misp_json = RTIR::Extension::MISP::FetchEventDetails($EventID);
my %info;
my %threat_map = ( 1 => 'High', 2 => 'Medium', 3 => 'Low', 4 => 'Undefined' );
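Review bot: `$EventID` now comes straight from the request and is interpolated into `$event_link` and passed to `FetchEventDetails` with no format check, and the helper no longer has a ticket to tie the lookup to. Before this change the ID was read from a ticket the user was already viewing; now any session that can reach `/Helpers/MISPEventDetails` can presumably have RT fetch an arbitrary event using RT's MISP credentials. Consider validating the value at the top of `<%init>`, for example `$m->abort unless defined $EventID && $EventID =~ /\A[0-9a-fA-F-]+\z/;` adjusted to the ID forms you accept. If visibility should follow the ticket, pass the ticket id instead and check the user's right to see it before calling MISP. The `<%init>` block continues beyond this hunk.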
@@ -35,8 +34,9 @@ $info{'Date'} = $misp_json->{Event}{date};
$info{'Published'} = $misp_json->{Event}{published} ? 'Yes' : 'No';
my $object_count = scalar @{$misp_json->{Event}{Object}};
-$info{'#Attribute'} = "$misp_json->{Event}{attribute_count}, ($object_count Objects)";
+$info{'Number of Attributes'} = "$misp_json->{Event}{attribute_count}, ($object_count Objects)";
</%init>
+
<%args>
-$Ticket
+$EventID
</%args>
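Review bot: `scalar @{$misp_json->{Event}{Object}}` has no guard for a failed or empty lookup, which matters more now that the helper accepts any `EventID` from the request. What `FetchEventDetails` returns on error is not visible here, but if `Event` or `Object` is missing this dereference would likely die under strict refs and the AJAX call would get an error page instead of a message. Something like `my $objects = ( $misp_json && $misp_json->{Event} && $misp_json->{Event}{Object} ) || [];` with an early "event not found" output when `$misp_json->{Event}` is absent would keep the response predictable. The start of `<%init>` is outside this hunk.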
-----------------------------------------------------------------------
Summary of changes:
Changes | 9 +++++
MANIFEST | 2 ++
META.yml | 3 +-
README | 17 +++++++++
.../RTIR/Incident/Display.html/RightColumnEnd | 42 +++++-----------------
.../RightColumnEnd => Helpers/MISPEventDetails} | 18 +++++-----
lib/RTIR/Extension/MISP.pm | 23 +++++++++++-
static/css/rtir-extension-misp.css | 1 +
8 files changed, 70 insertions(+), 45 deletions(-)
copy html/{Callbacks/RTIR-Extension-MISP/RTIR/Incident/Display.html/RightColumnEnd => Helpers/MISPEventDetails} (73%)
create mode 100644 static/css/rtir-extension-misp.css
hooks/post-receive
--
rtir-extension-misp