fix: [transform] fixes #35 - slow Search in MISP

pull/40/head
Christophe Vandeplas 2020-06-14 19:54:49 +02:00
parent 84868d8cfb
commit 0b71d8a4f4
1 changed files with 16 additions and 12 deletions


@ -82,19 +82,23 @@ class SearchInMISP(Transform):
# for all other normal entities # for all other normal entities
conn = MISPConnection(config, request.parameters) conn = MISPConnection(config, request.parameters)
events_json = conn.misp.search(controller='events', value=request.entity.value, with_attachments=False)
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown # we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
for e in events_json: # TODO First try to build the object, then only attributes (for those that are not in object, or for all?)
# find the value as attribute # obj_json = conn.misp.search(controller='objects', value=request.entity.value, with_attachments=False)
attr = get_attribute_in_event(e, request.entity.value, substring=True) # for o in obj_json:
if attr: # for item in attribute_to_entity(attr, only_self=True, link_label=link_label):
for item in attribute_to_entity(attr, only_self=True): # response += item
response += item # # find the value as object, and return the object
# find the value as object, and return the object # if 'Object' in e['Event']:
if 'Object' in e['Event']: # for o in e['Event']['Object']:
for o in e['Event']['Object']: # if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'): # response += conn.object_to_entity(o, link_label=link_label)
response += conn.object_to_entity(o, link_label=link_label)
attr_json = conn.misp.search(controller='attributes', value=request.entity.value, with_attachments=False)
for a in attr_json['Attribute']:
for item in attribute_to_entity(a, only_self=True, link_label=link_label):
response += item
return response return response
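Review bot: The new loop `for a in attr_json['Attribute']:` indexes the search result without checking it, so a response that lacks that key (PyMISP, as far as I know, returns a dict with an `errors` entry on a failed or unauthorised request) would raise a KeyError in the transform instead of reporting the failure. I would test for the error case first and surface it to the analyst, then iterate with `for a in attr_json.get('Attribute', []):`; a bare `.get` default on its own would turn a failed lookup into a misleading "no hits" result. The attribute search is also sent without a `limit`, so a very common value can still pull back a large result set, which is the slowness this commit sets out to fix. The commented-out object lookup would be better tracked in the issue than kept in the method body. The enclosing method starts above the hunk, so how `response` and `link_label` are set up is not visible here.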