✨ Add TheHive & Cortex nodes (#952)
* ✨ TheHive & Cortex nodes * 🔨 Make changes mentioned in #887 * ⚡ Improvements * ⚡ Improvements * ⚡ Improvements * ⚡ Add descriptions * ⚡ Improvements * ⚡ Improvements Co-authored-by: MedAliMarz <servfrdali@yahoo.fr>
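--- a/packages/nodes-base/nodes/Cortex/Cortex.node.ts
+++ b/packages/nodes-base/nodes/Cortex/Cortex.node.ts
@@ -0,0 +1,469 @@
+import {
+IExecuteFunctions,
+BINARY_ENCODING,
+} from 'n8n-core';
+
+import {
+cortexApiRequest,
+getEntityLabel,
+prepareParameters,
+splitTags,
+} from './GenericFunctions';
+
+import {
+analyzersOperations,
+analyzerFields,
+} from './AnalyzerDescriptions';
+
+import {
+INodeExecutionData,
+INodeType,
+INodeTypeDescription,
+INodePropertyOptions,
+ILoadOptionsFunctions,
+IDataObject,
+IBinaryData,
+} from 'n8n-workflow';
+
+import {
+respondersOperations,
+responderFields,
+} from './ResponderDescription';
+
+import {
+jobFields,
+jobOperations,
+} from './JobDescription';
+
+import {
+upperFirst,
+} from 'lodash';
+
+import {
+IJob,
+} from './AnalyzerInterface';
+
+import {
+createHash,
+} from 'crypto';
+
+import * as changeCase from 'change-case';
+
+export class Cortex implements INodeType {
+description: INodeTypeDescription = {
+displayName: 'Cortex',
+name: 'cortex',
+icon: 'file:cortex.png',
+group: ['transform'],
+subtitle: '={{$parameter["resource"]+ ": " + $parameter["operation"]}}',
+version: 1,
+description: 'Apply the Cortex analyzer/responder on the given entity',
+defaults: {
+name: 'Cortex',
+color: '#54c4c3',
+},
+inputs: ['main'],
+outputs: ['main'],
+credentials: [
+{
+name: 'cortexApi',
+required: true,
+},
+],
+properties: [
+// Node properties which the user gets displayed and
+// can change on the node.
+{
+displayName:'Resource',
+name:'resource',
+type:'options',
+options:[
+{
+name: 'Analyzer',
+value:'analyzer',
+},
+{
+name: 'Responder',
+value:'responder',
+},
+{
+name: 'Job',
+value:'job',
+},
+],
+default: 'analyzer',
+description: 'Choose a resource',
+required: true,
+},
+...analyzersOperations,
+...analyzerFields,
+...respondersOperations,
+...responderFields,
+...jobOperations,
+...jobFields
+],
+};
+
+methods = {
+loadOptions: {
+
+async loadActiveAnalyzers(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+// request the enabled analyzers from instance
+const requestResult = await cortexApiRequest.call(
+this,
+'POST',
+`/analyzer/_search`,
+);
+
+const returnData: INodePropertyOptions[] = [];
+
+for (const analyzer of requestResult) {
+returnData.push({
+name: analyzer.name as string,
+value: `${analyzer.id as string}::${analyzer.name as string}`,
+description: analyzer.description as string,
+});
+}
+
+return returnData;
+},
+
+async loadActiveResponders(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+// request the enabled responders from instance
+const requestResult = await cortexApiRequest.call(
+this,
+'GET',
+`/responder`,
+);
+
+const returnData: INodePropertyOptions[] = [];
+for (const responder of requestResult) {
+returnData.push({
+name: responder.name as string,
+value: `${responder.id as string}::${responder.name as string}`,
+description: responder.description as string,
+});
+}
+return returnData;
+},
+
+async loadObservableOptions(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+const selectedAnalyzerId = (this.getNodeParameter('analyzer') as string).split('::')[0];
+// request the analyzers from instance
+const requestResult = await cortexApiRequest.call(
+this,
+'GET',
+`/analyzer/${selectedAnalyzerId}`,
+);
+
+// parse supported observable types into options
+const returnData: INodePropertyOptions[] = [];
+for (const dataType of requestResult.dataTypeList) {
+returnData.push(
+{
+name: upperFirst(dataType as string),
+value: dataType as string,
+},
+);
+}
+return returnData;
+},
+
+async loadDataTypeOptions(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+const selectedResponderId = (this.getNodeParameter('responder') as string).split('::')[0];
+// request the responder from instance
+const requestResult = await cortexApiRequest.call(
+this,
+'GET',
+`/responder/${selectedResponderId}`,
+);
+// parse the accepted dataType into options
+const returnData: INodePropertyOptions[] = [];
+for (const dataType of requestResult.dataTypeList) {
+returnData.push(
+{
+value: (dataType as string).split(':')[1],
+name: changeCase.capitalCase((dataType as string).split(':')[1])
+},
+);
+}
+return returnData;
+},
+
+},
+};
+
+async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
+const items = this.getInputData();
+const returnData: IDataObject[] = [];
+const length = (items.length as unknown) as number;
+const qs: IDataObject = {};
+let responseData;
+const resource = this.getNodeParameter('resource', 0) as string;
+const operation = this.getNodeParameter('operation', 0) as string;
+
+for (let i = 0; i < length; i++) {
+if (resource === 'analyzer') {
+//https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#run
+if (operation === 'execute') {
+
+let force = false;
+
+const analyzer = this.getNodeParameter('analyzer', i) as string;
+
+const observableType = this.getNodeParameter('observableType', i) as string;
+
+const additionalFields = this.getNodeParameter('additionalFields', i) as IDataObject;
+
+const tlp = this.getNodeParameter('tlp', i) as string;
+
+const body: IDataObject = {
+dataType: observableType,
+tlp,
+};
+
+if (additionalFields.force === true) {
+force = true;
+}
+
+if (observableType === 'file') {
+
+const item = items[i];
+
+if (item.binary === undefined) {
+throw new Error('No binary data exists on item!');
+}
+
+const binaryPropertyName = this.getNodeParameter('binaryPropertyName', i) as string;
+
+if (item.binary[binaryPropertyName] === undefined) {
+throw new Error(`No binary data property "${binaryPropertyName}" does not exists on item!`);
+}
+
+const fileBufferData = Buffer.from(item.binary[binaryPropertyName].data, BINARY_ENCODING);
+
+const options = {
+formData: {
+data: {
+value: fileBufferData,
+options: {
+contentType: item.binary[binaryPropertyName].mimeType,
+filename: item.binary[binaryPropertyName].fileName,
+}
+},
+_json: JSON.stringify({
+dataType: observableType,
+tlp,
+})
+}
+};
+
+responseData = await cortexApiRequest.call(
+this,
+'POST',
+`/analyzer/${analyzer.split('::')[0]}/run`,
+{},
+{ force },
+'',
+options,
+) as IJob;
+
+continue;
+
+} else {
+const observableValue = this.getNodeParameter('observableValue', i) as string;
+
+body.data = observableValue;
+
+responseData = await cortexApiRequest.call(
+this,
+'POST',
+`/analyzer/${analyzer.split('::')[0]}/run`,
+body,
+{ force },
+) as IJob;
+}
+
+if (additionalFields.timeout) {
+responseData = await cortexApiRequest.call(
+this,
+'GET',
+`/job/${responseData.id}/waitreport`,
+{},
+{ atMost: `${additionalFields.timeout}second` },
+);
+}
+}
+}
+
+if (resource === 'job') {
+//https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#get-details-1
+if (operation === 'get') {
+
+const jobId = this.getNodeParameter('jobId', i) as string;
+
+responseData = await cortexApiRequest.call(
+this,
+'GET',
+`/job/${jobId}`,
+);
+}
+//https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#get-details-and-report
+if (operation === 'report') {
+
+const jobId = this.getNodeParameter('jobId', i) as string;
+
+responseData = await cortexApiRequest.call(
+this,
+'GET',
+`/job/${jobId}/report`,
+);
+}
+}
+
+if (resource === 'responder') {
+if (operation === 'execute') {
+const responderId = (this.getNodeParameter('responder', i) as string).split('::')[0];
+
+const entityType = this.getNodeParameter('entityType', i) as string;
+
+const isJSON = this.getNodeParameter('jsonObject',i) as boolean;
+let body:IDataObject;
+
+
+if(isJSON){
+
+
+const entityJson = JSON.parse(this.getNodeParameter('objectData', i) as string);
+
+body = {
+responderId,
+label: getEntityLabel(entityJson),
+dataType: `thehive:${entityType}`,
+data: entityJson,
+tlp: entityJson.tlp || 2,
+pap: entityJson.pap || 2,
+message: entityJson.message || '',
+parameters:[],
+};
+
+}else{
+
+const values = (this.getNodeParameter('parameters',i) as IDataObject).values as IDataObject;
+
+body= {
+responderId,
+dataType: `thehive:${entityType}`,
+data: {
+_type: entityType,
+...prepareParameters(values)
+}
+};
+if( entityType === 'alert'){
+// deal with alert artifacts
+const artifacts = (body.data as IDataObject).artifacts as IDataObject;
+
+if (artifacts) {
+
+const artifactValues = (artifacts as IDataObject).artifactValues as IDataObject[];
+
+if (artifactValues) {
+
+const artifactData = [];
+
+for (const artifactvalue of artifactValues) {
+
+const element: IDataObject = {};
+
+element.message = artifactvalue.message as string;
+
+element.tags = splitTags(artifactvalue.tags as string) as string[];
+
+element.dataType = artifactvalue.dataType as string;
+
+element.data = artifactvalue.data as string;
+
+if (artifactvalue.dataType === 'file') {
+
+const item = items[i];
+
+if (item.binary === undefined) {
+throw new Error('No binary data exists on item!');
+}
+
+const binaryPropertyName = artifactvalue.binaryProperty as string;
+
+if (item.binary[binaryPropertyName] === undefined) {
+throw new Error(`No binary data property '${binaryPropertyName}' does not exists on item!`);
+}
+
+const binaryData = item.binary[binaryPropertyName] as IBinaryData;
+
+element.data = `${binaryData.fileName};${binaryData.mimeType};${binaryData.data}`;
+}
+
+artifactData.push(element);
+}
+
+(body.data as IDataObject).artifacts = artifactData;
+}
+}
+}
+if(entityType ==='case_artifact'){
+// deal with file observable
+
+if ((body.data as IDataObject).dataType === 'file') {
+
+const item = items[i];
+
+if (item.binary === undefined) {
+throw new Error('No binary data exists on item!');
+}
+
+const binaryPropertyName = (body.data as IDataObject).binaryPropertyName as string;
+if (item.binary[binaryPropertyName] === undefined) {
+throw new Error(`No binary data property "${binaryPropertyName}" does not exists on item!`);
+}
+
+const fileBufferData = Buffer.from(item.binary[binaryPropertyName].data, BINARY_ENCODING);
+const sha256 = createHash('sha256').update(fileBufferData).digest('hex');
+
+(body.data as IDataObject).attachment = {
+name: item.binary[binaryPropertyName].fileName,
+hashes: [
+sha256,
+createHash('sha1').update(fileBufferData).digest('hex'),
+createHash('md5').update(fileBufferData).digest('hex')
+],
+size:fileBufferData.byteLength,
+contentType: item.binary[binaryPropertyName].mimeType,
+id:sha256,
+};
+
+delete (body.data as IDataObject).binaryPropertyName;
+}
+}
+// add the job label after getting all entity attributes
+body = {
+label: getEntityLabel(body.data as IDataObject),
+...body
+};
+
+}
+responseData = await cortexApiRequest.call(
+this,
+'POST',
+`/responder/${responderId}/run`,
+body,
+) as IJob;
+}
+}
+}
+if (Array.isArray(responseData)) {
+returnData.push.apply(returnData, responseData as IDataObject[]);
+} else if (responseData !== undefined) {
+returnData.push(responseData as IDataObject);
+}
+return [this.helpers.returnJsonArray(returnData)];
+}
+}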
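Review bot: In `execute`, the `if (Array.isArray(responseData)) … returnData.push(…)` block sits after the closing `}` of the `for (let i = 0; i < length; i++)` loop, so `responseData` is overwritten on every iteration and only the last input item's job/report is ever returned; the push block should move inside the loop, after the three `resource` branches, with `responseData` reset at the top of each iteration. Separately, the `continue;` after the file-analyzer `cortexApiRequest.call(… '/run' …)` also skips the `additionalFields.timeout` / `waitreport` wait that follows it, which looks unintended for file observables — worth confirming. In the `isJSON` branch, `tlp: entityJson.tlp || 2` and `pap: entityJson.pap || 2` replace an explicit `0` (TLP/PAP WHITE in the TheHive convention) with `2` (AMBER); `entityJson.tlp ?? 2` / `entityJson.pap ?? 2` keeps the user's value. The `entityJson` produced by `JSON.parse` is passed to `getEntityLabel` and the request body without any shape check, so a non-object or unexpected payload fails late and with an unhelpful error; a one-line `if (typeof entityJson !== 'object' || entityJson === null) throw new Error('objectData must be a JSON object');` would surface it at the node. The three "No binary data property … does not exists on item!" messages are also double negatives; `No binary data property "${binaryPropertyName}" exists on item!` reads correctly.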