#170 Add tags MISP:type and MISP:category on observable from MISP

TheHive-Project · May 9, 2017 · d791bd5 · d791bd5
1 parent 12e2550
commit d791bd5
Show file tree

Hide file tree

Showing 4 changed files with 176 additions and 168 deletions.
diff --git a/thehive-backend/app/models/Migration.scala b/thehive-backend/app/models/Migration.scala
@@ -71,7 +71,7 @@ class Migration(
           c + ("owner" → owner)
         },
 
-        removeEntity("analyzer")(_ ⇒ false), // analyzer is now stored in cortex
+        removeEntity("analyzer")(_ ⇒ true), // analyzer is now stored in cortex
 
         addAttribute("case_artifact", "reports" → JsString("{}")), // add short reports in artifact
 
@@ -124,6 +124,18 @@ class Migration(
               "caseTemplate" → mispCaseTemplate,
               "status" → (misp \ "eventStatus").as[JsString],
               "follow" → (misp \ "follow").as[JsBoolean])
+        },
+        removeEntity("audit") { o ⇒
+          val objectType = (o \ "objectType").asOpt[String]
+
+          val r = objectType.contains("alert")
+          if (r) {
+            println(s"remove entity $o")
+          }
+          else {
+            println(s"don't remove entity (objectType=$objectType)")
+          }
+          r
         })
   }
 

diff --git a/thehive-misp/app/connectors/misp/JsonFormat.scala b/thehive-misp/app/connectors/misp/JsonFormat.scala
@@ -57,6 +57,7 @@ object JsonFormat {
       tags ← JsArray(json \ "EventTag" \\ "name").validate[Seq[String]]
     } yield MispAttribute(
       id,
+      category,
       tpe,
       date,
       comment,

diff --git a/thehive-misp/app/connectors/misp/MispModel.scala b/thehive-misp/app/connectors/misp/MispModel.scala
@@ -16,6 +16,7 @@ case class MispAlert(
 
 case class MispAttribute(
   id: String,
+  category: String,
   tpe: String,
   date: Date,
   comment: String,