From 448609326fd3c01325c97aa53061e291c821ac71 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Wed, 25 Dec 2019 22:41:12 +0100
Subject: [PATCH] new: [remote] First remote Galaxy transforms tested and working
---
 src/MISP_maltego/resources/etc/MISP_maltego.conf | 1 +
 src/MISP_maltego/transforms/common/util.py | 5 +++++
 src/MISP_maltego/transforms/galaxytoevent.py | 4 ++++
 3 files changed, 10 insertions(+)
diff --git a/src/MISP_maltego/resources/etc/MISP_maltego.conf b/src/MISP_maltego/resources/etc/MISP_maltego.conf
index 5518662..96e575d 100644
--- a/src/MISP_maltego/resources/etc/MISP_maltego.conf
+++ b/src/MISP_maltego/resources/etc/MISP_maltego.conf
@@ -8,3 +8,4 @@ misp_debug = False
 check_updates = True
 [MISP_maltego.remote]
+
diff --git a/src/MISP_maltego/transforms/common/util.py b/src/MISP_maltego/transforms/common/util.py
index c773e02..6da31a1 100644
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@@ -1,5 +1,6 @@
 from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter
 from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark, LinkDirection, UIMessage, UIMessageType
+from canari.mode import is_local_exec_mode, is_remote_exec_mode
 from distutils.version import StrictVersion
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy, ThreatActor, Software, AttackTechnique
 from pymisp import ExpandedPyMISP as PyMISP
@@ -124,9 +125,13 @@ local_path_root = os.path.join(tempfile.gettempdir(), 'MISP-maltego')
 local_path_version = os.path.join(local_path_root, 'versioncheck')
 if not os.path.exists(local_path_root):
 os.mkdir(local_path_root)
+ os.chmod(local_path_root, mode=0o777) # temporary workaround - see https://github.com/redcanari/canari3/issues/61
 def check_update(config):
+ # Do not check updates if running as remote transform
+ if is_remote_exec_mode():
+ return None
 # only raise the alert once a day/reboot to the user.
 try:
 if time.time() - os.path.getmtime(local_path_version) > 60 * 60 * 24: # check the timestamp of the file
diff --git a/src/MISP_maltego/transforms/galaxytoevent.py b/src/MISP_maltego/transforms/galaxytoevent.py
index b0698d7..eb51065 100644
--- a/src/MISP_maltego/transforms/galaxytoevent.py
+++ b/src/MISP_maltego/transforms/galaxytoevent.py
@@ -117,6 +117,7 @@ class GalaxyToTransform(Transform):
 class GalaxyToRelations(GalaxyToTransform):
 """Expands a Galaxy to related Galaxies and Clusters"""
 input_type = MISPGalaxy
+ remote = True
 def do_transform(self, request, response, config, type_filter=MISPGalaxy):
 return super().do_transform(request, response, config, type_filter)
@@ -125,6 +126,7 @@ class GalaxyToRelations(GalaxyToTransform):
 class GalaxyToSoftware(GalaxyToTransform):
 """Expands a Galaxy to related Software/Tool Galaxies"""
 input_type = MISPGalaxy
+ remote = True
 def do_transform(self, request, response, config, type_filter=Software):
 return super().do_transform(request, response, config, type_filter)
@@ -133,6 +135,7 @@ class GalaxyToSoftware(GalaxyToTransform):
 class GalaxyToThreatActor(GalaxyToTransform):
 """Expands a Galaxy to related ThreatActor Galaxies"""
 input_type = MISPGalaxy
+ remote = True
 def do_transform(self, request, response, config, type_filter=ThreatActor):
 return super().do_transform(request, response, config, type_filter)
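Review bot: The added `os.chmod(local_path_root, mode=0o777)` in the util.py hunk (`@@ -124,9 +125,13 @@`) leaves a directory at a fixed, predictable path under the system temp directory writable by every local account, with no sticky bit. Any local user can then remove or replace files such as `versioncheck` that the transforms later read or write, and the `os.path.exists` / `os.mkdir` pair before it already accepts a directory that some other account created first. If the workaround for canari3 issue 61 has to stay, `os.chmod(local_path_root, mode=0o1777)` at least stops users from deleting or renaming each other's files; a directory owned by the transform service account and opened to its group only would be the tighter fix. Indentation is lost on this page, so whether the chmod sits inside the `if not os.path.exists(...)` block cannot be confirmed from here.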
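Review bot: The four `remote = True` lines (GalaxyToRelations in this hunk, then GalaxyToSoftware, GalaxyToThreatActor and GalaxyToAttackTechnique in the following ones) presumably make these transforms runnable on a Canari transform server, yet nothing visible documents which MISP URL and API key a remote call uses. Each `do_transform` only delegates to `super().do_transform(...)`, whose body is outside these hunks, and the `[MISP_maltego.remote]` section in the config hunk is empty. If the server's own key ends up being used, every client that can reach the transform server queries MISP with the operator's privileges. The credential source deserves a sentence in each class docstring, for example `Remote-capable: the MISP connection is taken from <source to be confirmed>.`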
@@ -141,6 +144,7 @@ class GalaxyToThreatActor(GalaxyToTransform):
 class GalaxyToAttackTechnique(GalaxyToTransform):
 """Expands a Galaxy to related Attack Techniques Galaxies"""
 input_type = MISPGalaxy
+ remote = True
 def do_transform(self, request, response, config, type_filter=AttackTechnique):
 return super().do_transform(request, response, config, type_filter)