Class: ActiveStix::Report

Inherits:
ApplicationRecord
Defined in:
app/models/active_stix/report.rb

Constant Summary

# Lookup table from a STIX object-type name (the text before "--" in a STIX id)
# to the ActiveStix model class that stores objects of that type.
# Hash#[] returns nil for a type name that is not listed here, so code that
# indexes this table with a value taken from an ingested document has to
# handle the nil case.
@@stix_map = {
  'bundle'             => ActiveStix::Bundle,
  'attack-pattern'     => ActiveStix::AttackPattern,
  'relationship'       => ActiveStix::Relationship,
  'course-of-action'   => ActiveStix::CourseOfAction,
  'identity'           => ActiveStix::Identity,
  'intrusion-set'      => ActiveStix::IntrusionSet,
  'malware'            => ActiveStix::Malware,
  'tool'               => ActiveStix::Tool,
  'marking-definition' => ActiveStix::MarkingDefinition,
  'report'             => ActiveStix::Report,
  'campaign'           => ActiveStix::Campaign,
  'indicator'          => ActiveStix::Indicator
}

Class Method Summary

Instance Method Summary

Class Method Details

.add_obj_refs(report_json) ⇒ Object



# File 'app/models/active_stix/report.rb', line 46

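# Links every id listed under "object_refs" in a parsed STIX report object to
# the stored report that has the same STIX id and name.
#
# @param report_json [Hash] parsed STIX report object; "id" and "name" select
#   the stored report, "object_refs" (optional) lists the ids to link
# @return [Boolean] the result of saving the report, or false when no stored
#   report matches the given id and name
def self.add_obj_refs(report_json)
  report = find_by(stix_id: report_json['id'], name: report_json['name'])
  # The document may name a report that was never stored; without this guard
  # the calls below fail with NoMethodError on nil.
  return false unless report

  # Array() also covers a missing key and an explicit null "object_refs".
  Array(report_json['object_refs']).each { |ref| report.add(ref) }
  report.save
end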

.ingest_json(obj) ⇒ Object



# File 'app/models/active_stix/report.rb', line 33

# Finds or creates the report described by a parsed STIX report object and
# attaches the labels it lists.
#
# @param obj [Hash] parsed STIX report object with string keys
# @return [Object] the report record, after save has been called on it
def self.ingest_json(obj)
  # NOTE(review): the lookup matches on all four attributes, so a document that
  # reuses a STIX id with a different name, description or published value
  # creates a second row instead of finding the first - confirm this is intended.
  lookup = {
    stix_id: obj['id'],
    name: obj['name'],
    description: obj['description'],
    published: obj['published']
  }
  record = find_or_create_by(**lookup)

  if obj.key?('labels')
    obj['labels'].each do |label_name|
      label = ActiveStix::Label.ingest_label('report-labels', label_name)
      # A Markup row for this report and label means the link already exists.
      next if ActiveStix::Markup.find_by(labelable: record, label: label)

      record.labels << label
    end
  end

  record.save
  record
end

Instance Method Details

#add(stix_object) ⇒ Object



# File 'app/models/active_stix/report.rb', line 57

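# Links the stored STIX object with the given id to this report, unless the
# report already includes it.
#
# @param stix_object [String] STIX id of the form "<type>--<uuid>"; add_obj_refs
#   passes the entries of an ingested document's "object_refs" here
# @return [Object, nil] the created report object, or nil when nothing was linked
# @raise [ArgumentError] when the id is not a String or its type prefix has no
#   entry in @@stix_map
def add(stix_object)
  # The id comes from ingested data: reject anything that is not a String
  # before it reaches a query or a String method.
  raise ArgumentError, "invalid STIX id: #{stix_object.inspect}" unless stix_object.is_a?(String)
  return if includes?(stix_object)

  type_name = stix_object.split('--', 2).first
  model = @@stix_map[type_name]
  # An unmapped type used to surface as NoMethodError on nil; name the problem instead.
  raise ArgumentError, "unsupported STIX type in id: #{stix_object.inspect}" unless model

  target = model.where("stix_id = ?", stix_object).first
  # Nothing is stored under this id, so there is no object to link.
  # NOTE(review): the previous code passed nil on to report_objects.create here.
  return unless target

  report_objects.create(stix_object: target) unless report_objects.find_by(report_ref: stix_id, object_ref: target)
end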

#add_stix_object(stix_object) ⇒ Object

used by phishing report



# File 'app/models/active_stix/report.rb', line 70

# Links an already-loaded STIX object to this report unless includes? reports
# it as present.
#
# @param stix_object [Object] object handed to report_objects.create as-is
# @return [Object, nil] the created report object, or nil when already included
def add_stix_object(stix_object)
  return if includes?(stix_object)

  report_objects.create(stix_object: stix_object)
end

#as_stix(classification = nil, chess = nil) ⇒ Object



# File 'app/models/active_stix/report.rb', line 80

# Serialises this report as a STIX report hash with string keys.
#
# @param classification [Object, nil] not read by this method
# @param chess [Object, nil] not read by this method
# @return [Hash] name and description from as_json, followed by id, type,
#   created, modified, published, object_refs and labels
def as_stix(classification = nil, chess = nil)
  # NOTE(review): neither argument influences the output, so no marking or
  # filtering is applied here - confirm callers do not rely on `classification`
  # to restrict what is exported.
  stix = as_json(only: %i[name description])
  stix['id'] = stix_id
  stix['type'] = type
  stix['description'] = description
  stix['created'] = created_at.rfc3339(3)
  stix['modified'] = updated_at.rfc3339(3)
  # Reports without a published time fall back to the last update time.
  published_at = published || updated_at
  stix['published'] = published_at.rfc3339(3)
  # Raises NoMethodError when a report object has no stix_object behind it.
  stix['object_refs'] = report_objects.map { |link| link.stix_object.stix_id }
  stix['labels'] = labels.map(&:name)
  stix
end

#includes?(stix_object) ⇒ Boolean

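Returns:

(Boolean) — true when this report already has a report object whose object_ref matches the argument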



# File 'app/models/active_stix/report.rb', line 76

# Tells whether this report already has a report object for the given reference.
#
# @param stix_object [Object] value matched against report_objects.object_ref
# @return [Boolean] true when at least one report object matches
def includes?(stix_object)
  linked = report_objects.where(object_ref: stix_object)
  linked.any?
end

#type ⇒ Object



# File 'app/models/active_stix/report.rb', line 29

# STIX object type name emitted for this model.
#
# @return [String] always 'report'
def type
  'report'
end