feat: misp event reports (#269)
anasmuhmd authored Dec 26, 2024
1 parent a728b41 commit 898b365
Showing 19 changed files with 1,119 additions and 523 deletions.
4 changes: 4 additions & 0 deletions docs/plugins/misp/_index.md
Expand Up @@ -29,3 +29,7 @@ fabric {
## Data sources

{{< plugin-resources "misp" "data-source" >}}

## Publishers

{{< plugin-resources "misp" "publisher" >}}
101 changes: 101 additions & 0 deletions docs/plugins/misp/publishers/misp_event_reports.md
@@ -0,0 +1,101 @@
---
title: "`misp_event_reports` publisher"
plugin:
name: blackstork/misp
description: "Publishes content to misp event reports"
tags: []
version: "v0.4.2"
source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/misp/"
resource:
type: publisher
type: docs
---

{{< breadcrumbs 2 >}}

{{< plugin-resource-header "blackstork/misp" "misp" "v0.4.2" "misp_event_reports" "publisher" >}}

## Installation

To use `misp_event_reports` publisher, you must install the plugin `blackstork/misp`.

To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:

```hcl
fabric {
plugin_versions = {
"blackstork/misp" = ">= v0.4.2"
}
}
```

Note the version constraint set for the plugin.

#### Formats

The publisher supports the following document formats:

- `md`

To set the output format, specify it inside `publish` block with `format` argument.


#### Configuration

The publisher supports the following configuration arguments:

```hcl
config publish misp_event_reports {
# misp api key
#
# Required string.
# Must be non-empty
# For example:
api_key = "some string"
# misp base url
#
# Required string.
# Must be non-empty
# For example:
base_url = "some string"
# skip ssl verification
#
# Optional bool.
# Default value:
skip_ssl = false
}
```

#### Usage

The publisher supports the following execution arguments:

```hcl
# In addition to the arguments listed, `publish` block accepts `format` argument.
publish misp_event_reports {
# Required string.
# Must be non-empty
# For example:
event_id = "some string"
# Required string.
# Must be non-empty
# For example:
name = "some string"
# Optional string.
# Must be one of: "0", "1", "2", "3", "4", "5"
# Default value:
distribution = null
# Optional string.
# Default value:
sharing_group_id = null
}
```

15 changes: 15 additions & 0 deletions docs/plugins/plugins.json
Expand Up @@ -581,6 +581,21 @@
"version": "v0.4.2",
"shortname": "misp",
"resources": [
{
"name": "misp_event_reports",
"type": "publisher",
"config_params": [
"api_key",
"base_url",
"skip_ssl"
],
"arguments": [
"distribution",
"event_id",
"name",
"sharing_group_id"
]
},
{
"name": "misp_events",
"type": "data-source",
21 changes: 21 additions & 0 deletions examples/templates/misp/misp_event_reports.fabric
@@ -0,0 +1,21 @@
document "misp_event_reports" {
meta {
name = "example_document"
}

title = "Publish"

publish misp_event_reports "myreport" {
format = "md"
event_id = "1"
name = "doc.md"
distribution = "0"
config {
api_key = ""
base_url = "https://localhost"
skip_ssl = true
}
}

}
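Review bot: The example sets `skip_ssl = true` against `https://localhost` without saying why, and example templates tend to be copied as-is into real configurations; a comment on that line such as `# skip_ssl disables TLS certificate verification; keep it false outside local testing` would keep the trade-off visible. Likewise `api_key = ""` could carry `# supply through your own secret handling; do not commit a real key` so readers do not paste a credential into a tracked file.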

2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -17,6 +17,7 @@ require (
github.com/golang-cz/devslog v0.0.8
github.com/google/go-github/v58 v58.0.0
github.com/google/go-querystring v1.1.0
github.com/google/uuid v1.6.0
github.com/hashicorp/go-hclog v1.6.3
github.com/hashicorp/go-plugin v1.6.1
github.com/hashicorp/hcl/v2 v2.20.1
Expand Down Expand Up @@ -107,7 +108,6 @@ require (
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect
github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect
14 changes: 14 additions & 0 deletions internal/misp/client/misp_client.go
Expand Up @@ -61,6 +61,7 @@ func (client *Client) Do(ctx context.Context, method, path string, payload inter

req.Header = make(http.Header)
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Accept", "application/json")
client.auth(req)
resp, err = client.client.Do(req)
if err != nil {
Expand All @@ -86,3 +87,16 @@ func (client *Client) RestSearchEvents(ctx context.Context, req RestSearchEvents
}
return
}

func (client *Client) AddEventReport(ctx context.Context, req AddEventReportRequest) (events AddEventReportResponse, err error) {
resp, err := client.Do(ctx, http.MethodPost, "/event_reports/add/"+req.EventId, req)
if err != nil {
return
}
defer resp.Body.Close()
err = json.NewDecoder(resp.Body).Decode(&events)
if err != nil {
return
}
return
}
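Review bot: req.EventId is concatenated straight into the request path on the `resp, err := client.Do(...)` line of AddEventReport, so a value containing a slash, `..` or query characters would address a different MISP endpoint than the one the method name promises; event_id is a free-form required string from the publish block, so escape it, e.g. `resp, err := client.Do(ctx, http.MethodPost, "/event_reports/add/"+url.PathEscape(req.EventId), req)` (needs `net/url`), and preferably reject anything that is not a numeric id or UUID before building the path. The decode step assumes Do already turns non-2xx responses into errors; Do's body is outside this hunk, and if it does not, an error payload would most likely decode into an empty EventReport with a nil error. The named result `events` is misleading for a single report and differs from the `resp` name the Client interface in plugin.go uses; `report` would read better. The closing `if err != nil { return }` followed by `return` can collapse to `err = json.NewDecoder(resp.Body).Decode(&events)` and `return`.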
27 changes: 27 additions & 0 deletions internal/misp/client/misp_models.go
Expand Up @@ -50,3 +50,30 @@ type Event struct {
SightingTimestamp string `json:"sighting_timestamp"`
DisableCorrelation bool `json:"disable_correlation"`
}

type AddEventReportRequest struct {
Uuid string `json:"uuid"`
EventId string `json:"event_id"`
Name string `json:"name"`
Content string `json:"content"`
Distribution *string `json:"distribution"`
SharingGroupId *string `json:"sharing_group_id"`
Timestamp *string `json:"timestamp"`
Deleted bool `json:"deleted"`
}

type EventReport struct {
Id string `json:"id"`
Uuid string `json:"uuid"`
EventId string `json:"event_id"`
Name string `json:"name"`
Content string `json:"content"`
Distribution string `json:"distribution"`
SharingGroupId *string `json:"sharing_group_id"`
Timestamp *string `json:"timestamp"`
Deleted bool `json:"deleted"`
}

type AddEventReportResponse struct {
EventReport EventReport `json:"EventReport"`
}
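Review bot: The optional pointer fields of AddEventReportRequest are serialized as JSON null whenever they are nil, because none of the new tags carry `omitempty`; if MISP treats an explicit `"distribution": null` or `"sharing_group_id": null` differently from an absent key (not verifiable from this hunk), omitting them is the safer encoding, e.g. ``Distribution *string `json:"distribution,omitempty"` ``. The same applies to `Uuid`, which goes out as `"uuid": ""` when the caller leaves it unset. The three exported types have no doc comments; a one-liner each, such as `// AddEventReportRequest is the body sent to MISP when creating an event report.`, would help. Field names `Uuid`, `EventId` and `SharingGroupId` would be `UUID`, `EventID` and `SharingGroupID` under Go initialism conventions, if the rest of the package follows them.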
4 changes: 4 additions & 0 deletions internal/misp/plugin.go
Expand Up @@ -18,6 +18,7 @@ import (

type Client interface {
RestSearchEvents(ctx context.Context, req client.RestSearchEventsRequest) (events client.RestSearchEventsResponse, err error)
AddEventReport(ctx context.Context, req client.AddEventReportRequest) (resp client.AddEventReportResponse, err error)
}

type ClientLoaderFn func(cfg *dataspec.Block) Client
Expand Down Expand Up @@ -49,6 +50,9 @@ func Plugin(version string, loader ClientLoaderFn) *plugin.Schema {
DataSources: plugin.DataSources{
"misp_events": makeMispEventsDataSource(loader),
},
Publishers: plugin.Publishers{
"misp_event_reports": makeMispEventReportsPublisher(loader),
},
}
}

