2018-11-12 13:25:53 +01:00
|
|
|
from canari.maltego.transform import Transform
|
|
|
|
|
# from canari.framework import EnableDebugWindow
|
2019-02-08 22:41:33 +01:00
|
|
|
from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity
|
|
|
|
|
from MISP_maltego.transforms.common.entities import Unknown
|
2018-11-12 13:25:53 +01:00
|
|
|
|
|
|
|
|
__author__ = 'Christophe Vandeplas'
|
|
|
|
|
__copyright__ = 'Copyright 2018, MISP_maltego Project'
|
|
|
|
|
__credits__ = []
|
|
|
|
|
|
|
|
|
|
__license__ = 'AGPLv3'
|
|
|
|
|
__version__ = '0.1'
|
|
|
|
|
__maintainer__ = 'Christophe Vandeplas'
|
|
|
|
|
__email__ = 'christophe@vandeplas.com'
|
|
|
|
|
__status__ = 'Development'
|
|
|
|
|
|
|
|
|
|
|
2019-02-08 21:27:44 +01:00
|
|
|
# @EnableDebugWindow
|
|
|
|
|
class AttributeInMISP(Transform):
|
2019-02-08 22:41:33 +01:00
|
|
|
"""Green bookmark if known in MISP"""
|
2019-02-08 21:27:44 +01:00
|
|
|
display_name = 'in MISP?'
|
2019-02-08 22:41:33 +01:00
|
|
|
input_type = Unknown
|
2019-02-08 21:27:44 +01:00
|
|
|
|
|
|
|
|
def do_transform(self, request, response, config):
|
|
|
|
|
maltego_misp_attribute = request.entity
|
2019-02-09 07:46:46 +01:00
|
|
|
# skip MISP Events (value = int)
|
|
|
|
|
try:
|
|
|
|
|
int(maltego_misp_attribute.value)
|
|
|
|
|
return response
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
|
|
|
|
|
2019-02-08 21:27:44 +01:00
|
|
|
misp = get_misp_connection(config)
|
|
|
|
|
events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
|
|
|
|
|
in_misp = False
|
|
|
|
|
for e in events_json['response']:
|
|
|
|
|
in_misp = True
|
|
|
|
|
break
|
2019-02-08 22:41:33 +01:00
|
|
|
# find the object again, and bookmark it green
|
|
|
|
|
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
2019-02-08 21:27:44 +01:00
|
|
|
if in_misp:
|
2019-02-08 22:41:33 +01:00
|
|
|
for e in events_json['response']:
|
|
|
|
|
attr = get_attribute_in_event(e, maltego_misp_attribute.value)
|
|
|
|
|
if attr:
|
|
|
|
|
for item in attribute_to_entity(attr, only_self=True):
|
|
|
|
|
response += item
|
2019-02-08 21:27:44 +01:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
2018-11-12 13:25:53 +01:00
|
|
|
# @EnableDebugWindow
|
|
|
|
|
class AttributeToEvent(Transform):
|
2019-02-08 22:41:33 +01:00
|
|
|
display_name = 'to MISP Event'
|
|
|
|
|
input_type = Unknown
|
2018-11-12 13:25:53 +01:00
|
|
|
|
|
|
|
|
def do_transform(self, request, response, config):
|
|
|
|
|
maltego_misp_attribute = request.entity
|
2019-02-09 07:46:46 +01:00
|
|
|
# skip MISP Events (value = int)
|
|
|
|
|
try:
|
|
|
|
|
int(maltego_misp_attribute.value)
|
|
|
|
|
return response
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
|
|
|
|
|
2018-11-12 13:25:53 +01:00
|
|
|
misp = get_misp_connection(config)
|
|
|
|
|
events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
|
2019-02-07 14:57:15 +01:00
|
|
|
in_misp = False
|
2018-11-12 13:25:53 +01:00
|
|
|
for e in events_json['response']:
|
2019-02-07 14:57:15 +01:00
|
|
|
in_misp = True
|
2018-12-11 15:44:48 +01:00
|
|
|
response += event_to_entity(e)
|
2019-02-08 22:41:33 +01:00
|
|
|
# find the object again, and bookmark it green
|
|
|
|
|
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
2019-02-07 14:57:15 +01:00
|
|
|
if in_misp:
|
2019-02-08 22:41:33 +01:00
|
|
|
for e in events_json['response']:
|
|
|
|
|
attr = get_attribute_in_event(e, maltego_misp_attribute.value)
|
|
|
|
|
if attr:
|
|
|
|
|
for item in attribute_to_entity(attr, only_self=True):
|
|
|
|
|
response += item
|
2018-11-12 13:25:53 +01:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
def on_terminate(self):
|
|
|
|
|
"""This method gets called when transform execution is prematurely terminated. It is only applicable for local
|
|
|
|
|
transforms. It can be excluded if you don't need it."""
|
|
|
|
|
pass
|
