Merge pull request #452 from wazuh/dev-mitre-framework-4036

New endpoint for Mitre

Author: davidjiglesias

CHANGELOG.md

@@ -3,9 +3,14 @@ All notable changes to this project will be documented in this file.
 
 ## [v3.13.0]
 
-- New API request to add SOC complicance support: [commit](https://github.com/wazuh/wazuh-api/commit/719563a6e18581a2c062ba0f6a950730ac74222d).
-    * `GET/rules/tsc` 
+### Added
+
+- New API requests:
+    * `GET/mitre` ([#452](https://github.com/wazuh/wazuh-api/pull/452))
+    * `GET/rules/tsc` (Add SOC complicance support: [commit](https://github.com/wazuh/wazuh-api/commit/719563a6e18581a2c062ba0f6a950730ac74222d).)
+
 - New filters in request `GET/rules`:
+    - `mitre`: Filters the rules by mitre requirement
     - `tsc`: Filters the rules by tsc requirement
 
 ## [v3.12.3]

controllers/index.js

@@ -87,6 +87,7 @@ router.use('/ciscat', require('./ciscat'));
 router.use('/active-response', require('./active_response'));
 router.use('/lists', require('./lists'));
 router.use('/summary', require('./summary'));
+router.use('/mitre', require('./mitre'));
 
 if (config.experimental_features){
     router.use('/experimental', require('./experimental'));

controllers/mitre.js

@@ -0,0 +1,71 @@
+/**
+ * Wazuh RESTful API
+ * Copyright (C) 2015-2019 Wazuh, Inc. All rights reserved.
+ * Wazuh.com
+ *
+ * This program is a free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public
+ * License (version 2) as published by the FSF - Free Software
+ * Foundation.
+ */
+
+
+var router = require('express').Router();
+
+/**
+ * @api {get} /mitre Get information from Mitre database
+ * @apiName GetMitre
+ * @apiGroup Info
+ *
+ * @apiParam {Number} [offset] First element to return in the collection.
+ * @apiParam {Number} [limit=10] Maximum number of elements to return.
+ * @apiParam {String} [sort] Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+ * @apiParam {String} [select] List of selected fields separated by commas.
+ * @apiParam {String} [q] Query to filter results by. For example q="id=T1010"
+ * @apiParam {String} [id] Filter by attack ID.
+ * @apiParam {String} [phase_name] Filter by phase name.
+ * @apiParam {String} [platform_name] Filter by platform name.
+ * @apiParam {String} [search] Looks for elements with the specified string.
+ *
+ * @apiDescription Returns information from Mitre database
+ *
+ * @apiExample {curl} Example usage*:
+ *     curl -u foo:bar -k -X GET "https://127.0.0.1:55000/mitre?limit=2&offset=4&pretty"
+ *
+ */
+router.get('/', cache(), function(req, res) {
+    logger.debug(req.connection.remoteAddress + " GET /mitre");
+
+    req.apicacheGroup = "mitre";
+
+    var data_request = {'function': '/mitre', 'arguments': {}};
+    var filters = {'offset': 'numbers', 'limit': 'numbers', 'q': 'query_param',
+                   'id': 'search_param', 'phase_name': 'search_param',
+                   'platform_name': 'names', 'search': 'search_param', 'sort':'sort_param', 'select': 'select_param'};
+
+    if (!filter.check(req.query, filters, req, res))  // Filter with error
+        return;
+
+    if ('offset' in req.query)
+        data_request['arguments']['offset'] = Number(req.query.offset);
+    if ('limit' in req.query)
+        data_request['arguments']['limit'] = Number(req.query.limit);
+    if ('id' in req.query)
+        data_request['arguments']['id'] = req.query.id;
+    if ('phase_name' in req.query)
+        data_request['arguments']['phase_name'] = req.query.phase_name;
+    if ('platform_name' in req.query)
+        data_request['arguments']['platform_name'] = req.query.platform_name;
+    if ('search' in req.query)
+        data_request['arguments']['search'] = filter.search_param_to_json(req.query.search);
+    if ('sort' in req.query)
+        data_request['arguments']['sort'] = filter.sort_param_to_json(req.query.sort);
+    if ('select' in req.query)
+        data_request['arguments']['select'] = filter.select_param_to_json(req.query.select);
+    if ('q' in req.query)
+        data_request['arguments']['q'] = req.query.q;
+
+    execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
+})
+
+module.exports = router;

controllers/rules.js

@@ -31,6 +31,7 @@ var router = require('express').Router();
  * @apiParam {String} [hipaa] Filters the rules by hipaa requirement.
  * @apiParam {String} [nist-800-53] Filters the rules by nist-800-53 requirement.
  * @apiParam {String} [gpg13] Filters the rules by gpg13 requirement.
+ * @apiParam {String} [mitre] Filters the rules by mitre requirement.
  * @apiParam {String} [tsc] Filters the rules by tsc requirement.
  * @apiParam {String} [q] Query to filter results by. For example q=id=89055
  *
@@ -45,7 +46,8 @@ router.get('/', cache(), function(req, res) {
     query_checks = {'status':'alphanumeric_param', 'group':'alphanumeric_param',
         'level':'ranges', 'path':'paths', 'file':'alphanumeric_param', 'pci':'alphanumeric_param',
         'gdpr': 'alphanumeric_param', 'hipaa': 'alphanumeric_param',
-        'nist-800-53': 'alphanumeric_param', 'gpg13': 'alphanumeric_param', 'tsc': 'alphanumeric_param'};
+        'nist-800-53': 'alphanumeric_param', 'gpg13': 'alphanumeric_param', 'tsc': 'alphanumeric_param',
+        'mitre': 'alphanumeric_param'};
 
     templates.array_request('/rules', req, res, "rules", param_checks, query_checks);
 })
@@ -327,6 +329,46 @@ router.get('/tsc', cache(), function(req, res) {
     execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
 })
 
+/**
+ * @api {get} /rules/mitre Get rule mitre requirements
+ * @apiName GetRulesMitre
+ * @apiGroup Info
+ *
+ * @apiParam {Number} [offset] First element to return in the collection.
+ * @apiParam {Number} [limit=500] Maximum number of elements to return.
+ * @apiParam {String} [sort] Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+ * @apiParam {String} [search] Looks for elements with the specified string.
+ *
+ * @apiDescription Returns the Mitre requirements of all rules.
+ *
+ * @apiExample {curl} Example usage:
+ *     curl -u foo:bar -k -X GET "https://127.0.0.1:55000/rules/Mitre?offset=0&limit=2&pretty"
+ *
+ */
+router.get('/mitre', cache(), function(req, res) {
+    logger.debug(req.connection.remoteAddress + " GET /rules/mitre");
+
+    req.apicacheGroup = "rules";
+
+    var data_request = {'function': '/rules/mitre', 'arguments': {}};
+    var filters = {'offset': 'numbers', 'limit': 'numbers', 'sort':'sort_param', 'search':'search_param'};
+
+    if (!filter.check(req.query, filters, req, res))  // Filter with error
+        return;
+
+    if ('offset' in req.query)
+        data_request['arguments']['offset'] = Number(req.query.offset);
+    if ('limit' in req.query)
+        data_request['arguments']['limit'] = Number(req.query.limit);
+    if ('sort' in req.query)
+        data_request['arguments']['sort'] = filter.sort_param_to_json(req.query.sort);
+    if ('search' in req.query)
+        data_request['arguments']['search'] = filter.search_param_to_json(req.query.search);
+
+    execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
+})
+
+
 /**
  * @api {get} /rules/files Get files of rules
  * @apiName GetRulesFiles