MISP
/
MISP-maltego
mirror of https://github.com/MISP/MISP-maltego
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [transform] fixes #35 - slow Search in MISP

pull/40/head
Christophe Vandeplas 2020-06-14 19:54:49 +02:00
parent 84868d8cfb
commit 0b71d8a4f4
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/MISP_maltego/transforms/attributetoevent.py
View File

@ -82,19 +82,23 @@ class SearchInMISP(Transform):
# for all other normal entities
conn = MISPConnection(config, request.parameters)
events_json = conn.misp.search(controller='events', value=request.entity.value, with_attachments=False)
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
for e in events_json:
# find the value as attribute
attr = get_attribute_in_event(e, request.entity.value, substring=True)
if attr:
for item in attribute_to_entity(attr, only_self=True):
response += item
# find the value as object, and return the object
if 'Object' in e['Event']:
for o in e['Event']['Object']:
if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
response += conn.object_to_entity(o, link_label=link_label)
# TODO First try to build the object, then only attributes (for those that are not in object, or for all?)
# obj_json = conn.misp.search(controller='objects', value=request.entity.value, with_attachments=False)
# for o in obj_json:
# for item in attribute_to_entity(attr, only_self=True, link_label=link_label):
# response += item
# # find the value as object, and return the object
# if 'Object' in e['Event']:
# for o in e['Event']['Object']:
# if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
# response += conn.object_to_entity(o, link_label=link_label)
attr_json = conn.misp.search(controller='attributes', value=request.entity.value, with_attachments=False)
for a in attr_json['Attribute']:
for item in attribute_to_entity(a, only_self=True, link_label=link_label):
response += item
return response