chg: minor small fixes

pull/15/head
Christophe Vandeplas 2019-03-16 18:31:46 +01:00
parent d46f817e76
commit 0570789ff5
4 changed files with 37 additions and 18 deletions


@ -30,7 +30,7 @@ setup(
}, },
python_requires='>=3.5', python_requires='>=3.5',
install_requires=[ install_requires=[
'canari>=3.3.9,<4', 'canari>=3.3.10,<4',
'PyMISP' 'PyMISP'
], ],
dependency_links=[ dependency_links=[


@ -1,7 +1,7 @@
from canari.maltego.entities import Netblock, Unknown
from canari.maltego.transform import Transform from canari.maltego.transform import Transform
# from canari.framework import EnableDebugWindow # from canari.framework import EnableDebugWindow
from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity
from MISP_maltego.transforms.common.entities import Unknown
__author__ = 'Christophe Vandeplas' __author__ = 'Christophe Vandeplas'
__copyright__ = 'Copyright 2018, MISP_maltego Project' __copyright__ = 'Copyright 2018, MISP_maltego Project'
@ -46,6 +46,28 @@ class AttributeInMISP(Transform):
return response return response
# placeholder for https://github.com/MISP/MISP-maltego/issues/11
# waiting for support of CIDR search through the REST API
# @EnableDebugWindow
# class NetblockToAttributes(Transform):
# display_name = 'to MISP Attributes'
# input_type = Netblock
# def do_transform(self, request, response, config):
# maltego_misp_attribute = request.entity
# misp = get_misp_connection(config)
# import ipaddress
# ip_start, ip_end = maltego_misp_attribute.value.split('-')
# # FIXME make this work with IPv4 and IPv6
# # automagically detect the different CIDRs
# cidrs = ipaddress.summarize_address_range(ipaddress.IPv4Address(ip_start), ipaddress.IPv4Address(ip_end))
# for cidr in cidrs:
# print(str(cidr))
# attr_json = misp.search(controller='attributes', values=str(cidr), withAttachments=False)
# print(attr_json)
# return response
# @EnableDebugWindow # @EnableDebugWindow
class AttributeToEvent(Transform): class AttributeToEvent(Transform):
display_name = 'to MISP Event' display_name = 'to MISP Event'
@ -59,6 +81,10 @@ class AttributeToEvent(Transform):
return response return response
except Exception: except Exception:
pass pass
# test for Netblock
if 'ipv4-range' in request.entity.fields:
# placeholder for https://github.com/MISP/MISP-maltego/issues/11
pass
misp = get_misp_connection(config) misp = get_misp_connection(config)
events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False) events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
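Review bot: The new `if 'ipv4-range' in request.entity.fields:` branch in AttributeToEvent.do_transform only does `pass`, so a Netblock input still falls through to `misp.search(controller='events', values=maltego_misp_attribute.value, ...)` with the netblock value (presumably a `start-end` string, going by the `split('-')` in the commented-out class) as the search term. Until issue 11 is resolved it would be clearer to stop there, e.g. `return response` in place of `pass`, ideally with a UI message saying netblocks are not supported yet. `Netblock` is imported at the top but referenced only inside the commented-out NetblockToAttributes class, so the import is currently unused. Indentation is lost in this rendering and the method continues past the hunk, so the nesting of the new branch relative to the `except Exception:` above it should be checked in the file.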


@ -13,16 +13,10 @@ __status__ = 'Development'
__all__ = [ __all__ = [
'MISPEvent', 'MISPEvent',
'MISPObject', 'MISPObject',
'MISPGalaxy', 'MISPGalaxy'
'Unknown'
] ]
class Unknown(Entity):
_category_ = 'Unknown'
_namespace_ = 'maltego'
class MISPEvent(Entity): class MISPEvent(Entity):
_category_ = 'MISP' _category_ = 'MISP'
_namespace_ = 'misp' _namespace_ = 'misp'
@ -54,8 +48,8 @@ class MISPGalaxy(Entity):
_category_ = 'MISP' _category_ = 'MISP'
_namespace_ = 'misp' _namespace_ = 'misp'
uuid = StringEntityField('uuid', display_name='UUID') uuid = StringEntityField('uuid', display_name='UUID', matching_rule=MatchingRule.Loose)
name = StringEntityField('name', display_name='Name', is_value=True) name = StringEntityField('name', display_name='Name', is_value=True, matching_rule=MatchingRule.Loose)
description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose) description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose)
cluster_type = StringEntityField('galaxy_type', display_name='Type', matching_rule=MatchingRule.Loose) cluster_type = StringEntityField('galaxy_type', display_name='Type', matching_rule=MatchingRule.Loose)
cluster_value = StringEntityField('value', display_name='Value', matching_rule=MatchingRule.Loose) cluster_value = StringEntityField('value', display_name='Value', matching_rule=MatchingRule.Loose)
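Review bot: Setting `matching_rule=MatchingRule.Loose` on `uuid` in MISPGalaxy deserves a comment stating the intent. If loose matching means the property is ignored when Maltego decides whether two entities are the same (my reading of the rule, not shown on this page), clusters that share a display value but carry different UUIDs would be merged into one node. A one-line comment such as `# uuid is loose on purpose: clusters merge on type/value` would document that choice, or `uuid` could stay strict if distinct clusters must remain distinct. The class body continues outside the hunk.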


@ -1,5 +1,5 @@
from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter, Unknown
from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy, Unknown from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy
from canari.maltego.message import UIMessageType, UIMessage, Label, LinkStyle, MaltegoException, Bookmark from canari.maltego.message import UIMessageType, UIMessage, Label, LinkStyle, MaltegoException, Bookmark
from pymisp import PyMISP from pymisp import PyMISP
import json import json
@ -354,14 +354,13 @@ def galaxycluster_to_entity(c, link_label=None):
return MISPGalaxy( return MISPGalaxy(
'{}\n{}'.format(c['type'], c['value']), '{}\n{}'.format(c['type'], c['value']),
uuid=c['uuid'], uuid=c['uuid'],
description=c['description'], description=c.get('description'),
cluster_type=c['type'], cluster_type=c.get('type'),
cluster_value=c['value'], cluster_value=c.get('value'),
synonyms=synonyms, synonyms=synonyms,
tag_name=c['tag_name'], tag_name=c['tag_name'],
link_label=link_label, link_label=link_label,
icon_url=icon_url, icon_url=icon_url
bookmark=Bookmark.Green
) )
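Review bot: The move to `c.get(...)` in galaxycluster_to_entity is only partial. The first argument still evaluates `'{}\n{}'.format(c['type'], c['value'])`, and `uuid=c['uuid']` and `tag_name=c['tag_name']` still index directly, so a cluster returned by the MISP server without one of those keys raises KeyError before the new `c.get('type')` / `c.get('value')` can matter. Either treat these keys as mandatory and say so in a docstring, or read them once with a default, e.g. `cluster_type = c.get('type', '')`, and reuse the locals in the format call and the keyword arguments. The function starts outside the hunk, so any earlier handling of `c` is not visible here.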