Taxii2 major Bug fixes and enhancements for production use #272

Open: wants to merge 20 commits into base: master

20 commits
1380888
Configure taxii2 server
aams-eam Dec 25, 2023
b8a5b75
Fix problem with encoding of UUIDs
aams-eam Dec 27, 2023
067831a
Add public argument to create public api roots
aams-eam Dec 27, 2023
18d7a89
Add authentication for taxii2
aams-eam Dec 27, 2023
171e99b
Fix error for opentaxii-sync-data
aams-eam Dec 29, 2023
8c60407
Fix problem with can_read function
aams-eam Dec 29, 2023
63fae86
Fixed write access to collections
aams-eam Dec 29, 2023
d54a754
Add script for push, pull, and subscribe
aams-eam Jan 2, 2024
056eb8d
Fix docker-compose.yml
aams-eam Jan 2, 2024
1e5658d
Deleting unused var
aams-eam Jan 13, 2024
5b7128e
Fixes in create account command and taxii2 delete objects API
priyank-bhuva-crestdata Nov 5, 2024
9d5438c
Minor changes
priyank-bhuva-crestdata Nov 6, 2024
54673b0
Minor fixes
priyank-bhuva-crestdata Nov 6, 2024
7d8e699
Merge remote-tracking branch 'upstream/aamseam-taxii2-fix' into taxii…
priyank-bhuva-crestdata Nov 6, 2024
0bc2f59
Fixed DB issues
priyank-bhuva-crestdata Nov 12, 2024
056fa76
Merge remote-tracking branch 'origin/taxii2-fixes' into taxii2-merged…
priyank-bhuva-crestdata Nov 12, 2024
e7f3e38
Added a new command to delete accounts
priyank-bhuva-crestdata Nov 12, 2024
ee6d722
Merge branch 'taxii2-fixes' into taxii2-merged-fixes
priyank-bhuva-crestdata Nov 12, 2024
22249de
Fixed data duplication for versioning
priyank-bhuva-crestdata Nov 13, 2024
a5e883b
Merge remote-tracking branch 'origin/taxii2-fixes' into taxii2-merged…
priyank-bhuva-crestdata Nov 13, 2024
2 changes: 2 additions & 0 deletions .gitignore
@@ -7,6 +7,8 @@ __pycache__/

# Distribution / packaging
.Python
.venv/
.vscode/
env/
build/
develop-eggs/
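Review bot: `.vscode/` is an editor-specific entry rather than a project artifact; it belongs in a per-user global gitignore, whereas `.venv/` is a reasonable project-level addition. Keep `.venv/`, and either drop `.vscode/` or keep it consistently with other IDE directories the project chooses to ignore.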
19 changes: 19 additions & 0 deletions examples/data-configuration-accounts.yml
@@ -0,0 +1,19 @@
---
accounts:
- username: user_read
password: user_read
permissions:
taxii1:
firstcollection: read
taxii2:
ea9cdf30-root-idc3-b308-bf658d865cae:
privCollectionAlias: read
- username: user_write
password: user_write
permissions:
taxii2:
ea9cdf30-root-idc3-b308-bf658d865cae:
privCollectionAlias: modify
- username: admin
password: admin
is_admin: yes
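Review bot: the `taxii2:` permission block introduces a three-level structure (API root id `ea9cdf30-root-idc3-b308-bf658d865cae`, then collection alias `privCollectionAlias`, then `read`/`modify`) that differs from the flat `taxii1:` mapping, and nothing in the diff documents it; a comment at the top of this file or a README update naming the three levels would save users guessing which key is the API root and which is the collection. The `admin`/`admin` account and the username-equals-password entries should also carry a comment marking them as local-test fixtures, since this file is the template people copy for their first deployment.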
105 changes: 54 additions & 51 deletions examples/docker-compose.yml
@@ -1,54 +1,57 @@
db:
image: postgres:9.4
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: opentaxii
version: '3'

authdb:
image: postgres:9.4
environment:
POSTGRES_USER: user1
POSTGRES_PASSWORD: password1
POSTGRES_DB: opentaxii1
services:
db:
image: postgres:9.4
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: opentaxii

opentaxii:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secret
OPENTAXII_DOMAIN: 192.168.59.103:9000
OPENTAXII_USER: user
OPENTAXII_PASS: pass
DATABASE_HOST: db
DATABASE_NAME: opentaxii
DATABASE_USER: user
DATABASE_PASS: password
AUTH_DATABASE_HOST: authdb
AUTH_DATABASE_NAME: opentaxii1
AUTH_DATABASE_USER: user1
AUTH_DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9000:9000
links:
- db:db
- authdb:authdb
authdb:
image: postgres:9.4
environment:
POSTGRES_USER: user1
POSTGRES_PASSWORD: password1
POSTGRES_DB: opentaxii1

opentaxii2:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secrettwo
OPENTAXII_DOMAIN: 192.168.59.103
OPENTAXII_USER: user1
OPENTAXII_PASS: pass1
DATABASE_HOST: authdb
DATABASE_NAME: opentaxii1
DATABASE_USER: user1
DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9001:9000
links:
- authdb:authdb
opentaxii:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secret
OPENTAXII_DOMAIN: 192.168.59.103:9000
OPENTAXII_USER: user
OPENTAXII_PASS: pass
DATABASE_HOST: db
DATABASE_NAME: opentaxii
DATABASE_USER: user
DATABASE_PASS: password
AUTH_DATABASE_HOST: authdb
AUTH_DATABASE_NAME: opentaxii1
AUTH_DATABASE_USER: user1
AUTH_DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9000:9000
links:
- db:db
- authdb:authdb

opentaxii2:
image: eclecticiq/opentaxii
environment:
OPENTAXII_AUTH_SECRET: secrettwo
OPENTAXII_DOMAIN: 192.168.59.103
OPENTAXII_USER: user1
OPENTAXII_PASS: pass1
DATABASE_HOST: authdb
DATABASE_NAME: opentaxii1
DATABASE_USER: user1
DATABASE_PASS: password1
volumes:
- ./:/input:ro
ports:
- 9001:9000
links:
- authdb:authdb
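Review bot: `links:` under `opentaxii` and `opentaxii2` is a legacy construct once the file declares `version: '3'`; services on the default Compose network already resolve each other by service name (`db`, `authdb`), so the `links:` entries can be removed without changing behaviour. Two further points on the same hunk: `postgres:9.4` is carried over unchanged and is long past end of life, so the pin should be bumped or at least called out as a stale example; and `OPENTAXII_AUTH_SECRET: secret` / `secrettwo` plus the inline `POSTGRES_PASSWORD` values would benefit from a comment stating they are placeholders to be replaced, because this is the compose file a first deployment starts from.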
174 changes: 174 additions & 0 deletions examples/pullpushsub.py
@@ -0,0 +1,174 @@
import json
import sys
import requests
from taxii2client.v21 import Server
from taxii2client.exceptions import AccessError
from uuid import uuid4
from time import sleep

# Define your TAXII server and collection details
OPENTAXII_URL = "http://localhost:9000/"
TAXII2_SERVER = OPENTAXII_URL + "taxii2/"
USERNAME = "user_write"
PASSWORD = "user_write"


def pull_data(api_root_url, collection):
# Pull data from the TAXII collection
try:
# Pull data from the collection
data = collection.get_objects()
print(f"Num objects pulled: {len(data.get('objects', []))}")
except AccessError:
print("[Pull Error] The user does not have write access")
return None

return data


def push_data(api_root_url, collection):
# load stix data and push it
with open("stix/nettool.stix.json", "r") as f:
stix_loaded = json.load(f)

stix_type = stix_loaded["type"]
stix_id = stix_type + "--" + str(uuid4())
stix_loaded["id"] = stix_id

envelope_data = {
"more": False,
"objects": [stix_loaded],
}
try:
# Push data to the collection
collection.add_objects(envelope_data)
print("Data pushed successfully.")
except AccessError:
print("[Push Error] The user does not have write access")


def subscribe(api_root_url, collection):
added_after = None

# Get Authentication Token
response = requests.post(
OPENTAXII_URL + "management/auth",
headers={
"Content-Type": "application/json",
},
json={
"username": USERNAME,
"password": PASSWORD,
},
)
auth_token = response.json().get("token", None)

while True:
if added_after is None:
url = api_root_url + "collections/" + collection.id + "/objects/"
else:
url = (
api_root_url
+ "collections/"
+ collection.id
+ f"/objects/?added_after={added_after}"
)

# Get all objects from added_after
response = requests.get(
url=url,
headers={
"Authorization": f"Bearer {auth_token}",
},
)
taxii_env = response.json()
objects = taxii_env.get("objects", [])

print(f"Read {len(objects)} objects from the TAXII2 server")
if len(objects) > 0:
added_after = response.headers.get("X-TAXII-Date-Added-Last", "")

sleep(3)


def not_an_action(collection):
print("That is not an option!")


def main():
server = Server(
TAXII2_SERVER,
user=USERNAME,
password=PASSWORD,
)
print(server.title)
print("=" * len(server.title))

print("Select an API Root:")
print(server.api_roots)
print()
for index, aroot in enumerate(server.api_roots, start=1):
print(f"{index}.")
try:
print(f"Title: {aroot.title}")
print(f"Description: {aroot.description}")
print(f"Versions: {aroot.versions}")
except Exception:
print(
"This API Root is not public.\nYou need to identify to see this API Root"
)
print()

aroot_choice = input("Enter the number of your choice: ")
try:
aroot_choice = int(aroot_choice)
selected_api_root = server.api_roots[aroot_choice - 1]
collections_l = selected_api_root.collections
except (ValueError, IndexError):
print("Invalid choice. Please enter a valid number.")
sys.exit()
except Exception as e:
print(e)
print("You cannot access this API Root. You need to authenticate.")
sys.exit()

for index, coll in enumerate(collections_l, start=1):
print(f"{index}.")
print(f"\tId: {coll.id}")
print(f"\tTitle: {coll.title}")
print(f"\tAlias: {coll.alias}")
print(f"\tDescription: {coll.description}")
print(f"\tMedia Types: {coll.media_types}")
print(f"\tCan Read: {coll.can_read}")
print(f"\tCan Write: {coll.can_write}")
print(f"\tObjects URL: {coll.objects_url}")
print(f"\tCustom Properties: {coll.custom_properties}")
print()

coll_choice = input("Enter the number of your choice: ")
try:
coll_choice = int(coll_choice)
selected_collection = selected_api_root.collections[coll_choice - 1]
except (ValueError, IndexError):
print("Invalid choice. Please enter a valid number.")
sys.exit()

actions_d = {
1: pull_data,
2: push_data,
3: subscribe,
}

while True:
print()
print("1: Pull")
print("2: Push")
print("3: Subscribe")
action_choice = int(input("Enter the number of your choice: "))
action_func = actions_d.get(action_choice, not_an_action)
action_func(selected_api_root.url, selected_collection)
print()


if __name__ == "__main__":
main()
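Review bot: `not_an_action(collection)` takes one argument but is dispatched as `action_func(selected_api_root.url, selected_collection)`, so any option other than 1-3 raises `TypeError` instead of printing "That is not an option!"; change the signature to `not_an_action(api_root_url, collection)`. In the same loop, `int(input(...))` for the action choice has no `ValueError` handling, unlike the two earlier prompts which catch `(ValueError, IndexError)`. In `pull_data`, the `AccessError` branch reports "does not have write access" for a read operation; it should say read access. In `subscribe`, `response.json().get("token", None)` is used without checking `response.status_code`, so a failed login produces `Authorization: Bearer None` and every poll then reports `Read 0 objects` with no indication that authentication failed; check the status and exit with a message when no token is returned. Finally, `api_root_url` is unused in `pull_data` and `push_data`, and `open("stix/nettool.stix.json")` is relative to the working directory rather than the script location, so the push fails unless run from `examples/`.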
11 changes: 11 additions & 0 deletions examples/stix/nettool.stix.json
@@ -0,0 +1,11 @@
{
"modified": "2023-07-25T19:25:59.767Z",
"name": "Net",
"description": "The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft Net Utility)\n\n[Net](https://attack.mitre.org/software/S0039) has a great deal of functionality, (Citation: Savill 1999) much of which is useful for an adversary, such as gathering system and network information for Discovery, moving laterally through [SMB/Windows Admin Shares](https://attack.mitre.org/techniques/T1021/002) using <code>net use</code> commands, and interacting with services. The net1.exe utility is executed for certain functionality when net.exe is run and can be used directly in commands such as <code>net1 user</code>.",
"type": "tool",
"id": "tool--03342581-f790-4f03-ba41-e82e67392e25",
"created": "2017-05-31T21:32:31.601Z",
"revoked": false,
"external_references": [],
"spec_version": "2.1"
}
22 changes: 20 additions & 2 deletions opentaxii/auth/manager.py
@@ -1,4 +1,5 @@
import structlog
from opentaxii.persistence.exceptions import DoesNotExistError

log = structlog.getLogger(__name__)

@@ -44,13 +45,30 @@ def update_account(self, account, password):
NOTE: Additional method that is only used in the helper scripts
shipped with OpenTAXII.
'''
for colname, permission in list(account.permissions.items()):
permission_collections = {}
# Check for taxii1 collections
for colname, permission in list(account.permissions.get("taxii1", {}).items()):
collection = self.server.servers.taxii1.persistence.get_collection(colname)
if not collection:
log.warning(
"update_account.unknown_collection",
collection=colname)
account.permissions.pop(colname)
else:
permission_collections[colname] = permission

# Check for taxii2 collections
for api_root, collections in list(account.permissions.get("taxii2", {}).items()):
for colname, permission in collections.items():
try:
collection = self.server.servers.taxii2.persistence.get_collection(api_root, colname)
except DoesNotExistError:
log.warning(
"update_account.unknown_collection",
api_root=api_root, collection=colname)
else:
permission_collections[str(collection.id)] = permission

account.permissions = permission_collections
account = self.api.update_account(account, password)
return account
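Review bot: `account.permissions.pop(colname)` in the taxii1 branch pops from the top-level `permissions` dict, whose keys are `taxii1` and `taxii2`, not from the `taxii1` sub-dict being iterated, so the first unknown collection name raises `KeyError` right after the warning is logged. Because `permission_collections` is rebuilt from scratch and assigned to `account.permissions` at the end, the `pop` is redundant; drop it and let the branch only log, mirroring the taxii2 branch. Second point: the result merges taxii1 collection names and taxii2 collection UUIDs (`str(collection.id)`) into one flat dict, discarding the `taxii1`/`taxii2` namespace the input had; confirm that `self.api.update_account` and the `can_read`/`can_write` checks expect that flattened shape, since a taxii1 collection whose name happens to equal a taxii2 collection UUID would collide silently.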

22 changes: 22 additions & 0 deletions opentaxii/cli/auth.py
@@ -21,6 +21,7 @@ def create_account(argv=None):
account = app.taxii_server.auth.api.create_account(
username=args.username,
password=args.password,
is_admin=args.admin
)
token = app.taxii_server.auth.authenticate(
username=account.username,
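Review bot: `is_admin=args.admin` is missing the trailing comma the surrounding keyword arguments keep, a minor style point. More importantly, `args.admin` is not defined in the context shown; confirm the corresponding `--admin` argument is added to the parser in the part of `create_account` outside this hunk, since an `AttributeError` here would surface only at runtime.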
@@ -67,3 +68,24 @@ def update_account(argv=None):
print('now user is mortal')
return
print('cannot find account with given username')


def delete_account(argv=None):
parser = argparse.ArgumentParser(
description="Delete Account via OpenTAXII Auth API",
formatter_class=argparse.ArgumentDefaultsHelpFormatter
)
parser.add_argument("-u", "--username", required=True)

if argv is None:
argv = sys.argv[1:]
args = parser.parse_args(argv)

with app.app_context():
account = app.taxii_server.auth.api.delete_account(
username=args.username
)
if account:
print('Deleted Account: {}'.format(account))
else:
print('Cannot Delete Account: {}'.format(args.username))
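Review bot: the success message formats the returned `account` object rather than the username, so the output depends on `Account.__repr__`; `print('Deleted Account: {}'.format(args.username))` is clearer and matches the failure branch. Also, if `auth.api.delete_account` raises (for example `DoesNotExistError`, which manager.py imports in this same PR) for an unknown username instead of returning a falsy value, the "Cannot Delete Account" branch is never reached; either catch it here or document that the API returns `None`. Deleting an account is a privileged operation, yet unlike `update_account` in manager.py, which logs through structlog, nothing here records the deletion; a log entry with the username would help auditing. Finally, no console-script entry point for the new command appears in this diff; confirm it is registered, otherwise the function is only reachable by importing the module.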