first commit, miss api part

Author: DavidCruciani

.nojekyll

@@ -0,0 +1,8 @@
+![logo](images/flowintel.png)
+
+> Designed to assist analysts in organizing their cases and tasks.
+
+- Simple and lightweight
+
+[GitHub](https://github.com/flowintel/flowintel/)
+[Getting Started](#flowintel)

docs/_coverpage.md

@@ -0,0 +1,14 @@
+- [Quick start](docs/installation.md)
+  - [Configuration](docs/installation.md#configuration)
+  - [Installation](docs/installation.md#installation)
+  - [Dockerfile](docs/installation.md#dockerfile)
+  - [Docker Image](docs/installation.md#docker-image)
+- [Connectors](docs/connectors.md "Connect external tools")
+  - [Modules](docs/connectors.md#modules)
+- [Analyzers](docs/analyzers.md "Analyze with external tools")
+- [Connectors vs Analyzers](docs/connectors_analyzers.md)
+- [Importer](docs/importer.md)
+- [Notifications](docs/notifications.md)
+- [API](docs/api.md)
+- [Screenshots](docs/screenshots.md "Some screenshots of the project")
+- [Contributions](docs/contributions.md "How to contribute to the project")

docs/_sidebar.md

@@ -0,0 +1,37 @@
+# Analyzers
+
+An analyzer is a connected tool which will receive and send back data to flowintel.
+
+![](../images/flowintel_analyzers.png)
+
+After a selection in notes, send this to an analyzer, here it's [misp-modules](https://github.com/MISP/misp-modules) that is used as analyzer. You'll be redirect to misp-modules main page with pre-filled fields. After a research, results can be send to flowintel and populate notes with them.
+
+# Format
+
+### From flowintel
+
+Array of string. Each element is a new line of `Note selected`. (see `/analyzer` in flowintel)
+
+*<u>example</u>* `["8.8.8.8", "127.0.0.1",...]` or `["circl.lu", "google.com",...]`
+
+### To flowintel
+
+Dictionary 
+
+```json
+{
+    "8.8.8.8": {                    // Element queried
+        "circl_passivedns": {       // module used in the analyzer
+            "results"{              // required key
+                ...
+            }
+        },
+        "dns": {
+            ...
+        }
+    },
+    "127.0.0.1": {
+        ...
+    }
+}
+```

docs/analyzers.md

@@ -0,0 +1,3 @@
+# API
+
+

docs/api.md

@@ -0,0 +1,37 @@
+# Connectors
+
+A connector represent the tool you want to connect to, it will contain instances which contains information to connect and use the tool.
+
+An instance is usable by multiple cases but in each case an identifier is to be defined manually or will be defined by the module that will use the instance.
+
+<img title="" src="../images/flowintel_connectors.png" alt="" width="508">
+
+## Modules
+
+A module is a script that use flowintel data and send it to an other tool in a compatible 
+
+### Create your own module
+
+You can find an example [here](https://github.com/flowintel/flowintel/blob/main/app/modules/send_to/misp_event.py)
+
+You need at least to fill those two things:
+
+```python
+module_config = {
+    "connector": "",    # type of connector to use, can be removed 
+    "case_task": ""     # 'case' or 'task'
+}
+
+def handler(instance, case, user):
+    """
+    instance: Info about the connector like name, api_key...
+    case: Dictionary with all case info, including all its tasks
+    user: Info on the user who use the module
+    """
+    # Write your code here
+    # ...
+```
+
+Save your module in the directory that correspond to the type of your module:
+
+`flowintel/app/modules`

docs/connectors.md

@@ -0,0 +1,9 @@
+# Connectors vs Analyzers
+
+Connectors and Analyzers are not the same but have some similarities that can be confusing.
+
+![](../images/flowintel_connections.png)
+
+Analyzers receive data from flowintel and can send data to flowintel to enrich notes of cases or tasks.
+
+Connectors can only receive data from flowintel. In the case of MISP, this will result in the creation of an event with a flowintel-cm-case object for a case and a flowintel-cm-task object for a task.

docs/connectors_analyzers.md

@@ -0,0 +1,11 @@
+# Contributions
+
+Every Contributions is more than welcome and can be found on [github](https://github.com/flowintel/flowintel).
+
+## Ideas
+
+For ideas go on the [issues](https://github.com/flowintel/flowintel/issues) page.
+
+## Pull requests
+
+For pull requests go on the [pull requests](https://github.com/flowintel/flowintel/pulls) page.

docs/contributions.md

@@ -0,0 +1,37 @@
+<a id="flowintel"></a>
+
+![](images/flowintel.png)
+
+> Support analysts to organize their case and tasks
+
+## Features
+
+- **Case and Task Management**: Tailored for security analysts, enabling efficient tracking and organization.
+
+- **Rich Documentation Tools**: Includes Markdown and Mermaid integration for detailed notes, with export options like PDF.
+
+- **Integration with MISP standard**: Seamless connection with [MISP taxonomies](https://github.com/MISP/misp-taxonomies) and [MISP galaxy](https://www.misp-galaxy.org/).
+
+- **Calendar and Notifications**: Features an efficient calendar view and notifications for timely task management.
+
+- **Templating System**: Provides templates for cases and tasks, creating a playbook and process repository for cybersecurity.
+
+- **Flexible Data Export**: Offers modules for exporting data to platforms like [MISP](https://www.misp-project.org/), [AIL](https://www.ail-project.org/), and more.
+
+- **Accessible API**: Exposes an API for easy interaction with FlowIntel CM's functionalities.
+  
+  ![task-management](images/case_example.png)
+
+## License
+
+This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
+
+```
+Copyright (C) 2022-2023 CIRCL - Computer Incident Response Center Luxembourg
+Copyright (C) 2022-2023 David Cruciani
+```
+
+## Funding
+
+![CIRCL.lu](https://www.circl.lu/assets/images/logo.png)
+![CEF Telecom funding (D4 Project](https://www.misp-project.org/assets/images/en_cef.png)

docs/home.md

@@ -0,0 +1,37 @@
+# Importer
+
+To import a case and its tasks, JSON is needed.
+
+Here the format:
+
+```json
+{
+  "title": "Super Case",
+  "description": "My super case for the documentation",
+  "uuid": "0b1f9a85-0d38-46a1-b9dd-1eeea1608308",
+  "deadline": null,
+  "recurring_date": null,
+  "recurring_type": null,
+  "notes": "This case is just boring...",
+  "tags": [],
+  "clusters": [],
+  "tasks": [
+    {
+      "title": "Prepare a super tea",
+      "description": "Keep it as hot as possible",
+      "uuid": "ddd271b4-d7f8-4af0-a9b3-46ad52aca1bf",
+      "notes": [
+        {
+          "uuid": "",
+          "note": "# Preparation\n- add one sugar\n",
+          "task_uuid": "ddd271b4-d7f8-4af0-a9b3-46ad52aca1bf"
+        }
+      ],
+      "url": "",
+      "deadline": null,
+      "tags": ["PAP:RED"],
+      "clusters": []
+    }
+  ]
+}
+```

docs/importer.md

@@ -0,0 +1,51 @@
+# Quick start
+
+This was tested only on Ubuntu.
+
+### Configuration
+
+First of all you need to change the main configuration:
+
+```
+/conf/config.py
+```
+
+If you plan to use module, have a look on the configuration file for module:
+
+```
+/conf/config_module.py
+```
+
+### Installation
+
+After configuration you can run the installation script:
+
+```bash
+./install.sh
+```
+
+### Dockerfile
+
+You have also the possibility to use the docker file:
+
+```bash
+docker build
+docker run -t -i -p 7006:7006 ID_IMAGE
+```
+
+### Docker image
+
+There's an image already ready to use 
+
+```bash
+docker pull ghcr.io/flowintel/flowintel-cm:latest
+docker run -t -i -p 7006:7006 ID_IMAGE
+```
+
+
+
+### Account
+
+- email: `[email protected]`
+
+- password: `admin`

docs/installation.md

@@ -0,0 +1,19 @@
+# Notifications
+
+Each time the bell is clicked on a task to notify a user a notification is send.
+
+Regarding recurring case a screen is used. Every day at 2am the script create a notification for each recurring case for all users concern.
+
+## Screen
+
+To access the screen and eventually debug:
+
+```bash
+screen -r fcm
+```
+
+## Modules
+
+It's possible to notify user using modules like email, matrix... Here an [example](https://github.com/flowintel/flowintel/blob/main/app/modules/notify_user/email.py).
+
+If some parameters is needed to your own module, use [config_module.py](https://github.com/flowin.tel/flowintel/blob/main/conf/config_module.py)

docs/notifications.md

@@ -0,0 +1,33 @@
+# Screenshots
+
+### Case
+
+![](../images/case_example.png)
+
+### My Assignment
+
+![My Assignment](../images/my_assignment.png)
+
+### Calendar
+
+![Calendar](../images/calendar.png)
+
+### Template
+
+![Template Case](../images/template_case.png)
+
+### Analyzer
+
+![](../images/analyzer.png)
+
+### Importer
+
+![Importer](../images/importer.png)
+
+### Orgs
+
+![Org](../images/orgs.png)
+
+### Users
+
+![Users](../images/users.png)

docs/screenshots.md

@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <title>flowintel</title>
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+        <meta name="description" content="Description">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
+        <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/docsify@4/lib/themes/vue.css">
+        <!-- <link rel="stylesheet" href="//unpkg.com/docsify-themeable/dist/css/theme-simple.css"> -->
+        <link rel="icon" href="./favicon.ico" />
+        <style>
+            .sidebar > h1 {
+                /* margin-bottom: -.75em; */
+                margin-top: .75em;
+            }
+            .sidebar > h1 img {
+                height: 4em;
+            }
+            
+        </style>
+    </head>
+    <body>
+    <div id="app">Loading...</div>
+    <script>
+        window.$docsify = {
+        name: 'flowintel',
+        logo: './images/flowintel.png',
+        loadSidebar: 'docs/_sidebar.md',
+        repo: 'https://github.com/flowintel/flowintel-cm',
+        coverpage: 'docs/_coverpage.md',
+        autoHeader: true,
+        auto2top: true,
+        homepage: 'docs/home.md',
+        }
+    </script>
+    <!-- Docsify v4 -->
+    <script src="//cdn.jsdelivr.net/npm/docsify@4"></script>
+    <script src="//unpkg.com/docsify/lib/plugins/search.min.js"></script>
+    <script src="//cdn.jsdelivr.net/npm/prismjs@1/components/prism-python.min.js"></script>
+    <script src="//cdn.jsdelivr.net/npm/prismjs@1/components/prism-json.min.js"></script>
+    </body>
+</html>