Merge pull request #12 from sebdraven/master

Add a tranform to have just tags on an event
2019-04-30 10:52:35 +02:00 · 2019-04-30 10:52:35 +02:00 · 3056e300de
parent 40e7d64482 aa05ea632c
commit 3056e300de
1 changed files with 29 additions and 0 deletions
--- a/src/MISP_maltego/transforms/eventtoattributes.py
+++ b/src/MISP_maltego/transforms/eventtoattributes.py
@ -16,7 +16,35 @@ __maintainer__ = 'Christophe Vandeplas'
 __email__ = 'christophe@vandeplas.com'
 __status__ = 'Development'

+# @EnableDebugWindow
+class EventToTags(Transform):
+    """"Expands an object to its attributes"""
+    input_type = MISPEvent
+    description = 'Expands an Event with tags'

+    def do_transform(self, request, response, config):
+        maltego_misp_event = request.entity
+        misp = get_misp_connection(config)
+        event_json = misp.get_event(maltego_misp_event.id)
+        event_tags = []
+
+        if 'Tag' in event_json['Event']:
+            for t in event_json['Event']['Tag']:
+                event_tags.append(t['name'])
+                # ignore all misp-galaxies
+                if t['name'].startswith('misp-galaxy'):
+                    continue
+                response += Hashtag(t['name'])
+
+        for g in event_json['Event']['Galaxy']:
+            for c in g['GalaxyCluster']:
+                response += galaxycluster_to_entity(c)
+        return response
+
+    def on_terminate(self):
+        """This method gets called when transform execution is prematurely terminated. It is only applicable for local
+        transforms. It can be excluded if you don't need it."""
+        pass
 # @EnableDebugWindow
 class EventToAttributes(Transform):
    """Expands an event to attributes, objects, tags and galaxies."""
@ -93,3 +121,4 @@ class ObjectToAttributes(Transform):
                        response += entity

        return response
+