new: [remote] First remote Galaxy transforms tested and working

pull/40/head
Christophe Vandeplas 2019-12-25 22:41:12 +01:00
parent a22e722562
commit 448609326f
3 changed files with 10 additions and 0 deletions


@ -8,3 +8,4 @@ misp_debug = False
check_updates = True check_updates = True
[MISP_maltego.remote] [MISP_maltego.remote]


@ -1,5 +1,6 @@
from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter
from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark, LinkDirection, UIMessage, UIMessageType from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark, LinkDirection, UIMessage, UIMessageType
from canari.mode import is_local_exec_mode, is_remote_exec_mode
from distutils.version import StrictVersion from distutils.version import StrictVersion
from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy, ThreatActor, Software, AttackTechnique from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy, ThreatActor, Software, AttackTechnique
from pymisp import ExpandedPyMISP as PyMISP from pymisp import ExpandedPyMISP as PyMISP
@ -124,9 +125,13 @@ local_path_root = os.path.join(tempfile.gettempdir(), 'MISP-maltego')
local_path_version = os.path.join(local_path_root, 'versioncheck') local_path_version = os.path.join(local_path_root, 'versioncheck')
if not os.path.exists(local_path_root): if not os.path.exists(local_path_root):
os.mkdir(local_path_root) os.mkdir(local_path_root)
os.chmod(local_path_root, mode=0o777) # temporary workaround - see https://github.com/redcanari/canari3/issues/61
def check_update(config): def check_update(config):
# Do not check updates if running as remote transform
if is_remote_exec_mode():
return None
# only raise the alert once a day/reboot to the user. # only raise the alert once a day/reboot to the user.
try: try:
if time.time() - os.path.getmtime(local_path_version) > 60 * 60 * 24: # check the timestamp of the file if time.time() - os.path.getmtime(local_path_version) > 60 * 60 * 24: # check the timestamp of the file
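Review bot: `os.chmod(local_path_root, mode=0o777)` makes a directory with a predictable name under the system temp dir writable by every local account, so any user on the host can create, replace or delete the files this module keeps there (the `versioncheck` timestamp file is the one visible here). If shared access is only needed so that the transform-server account and the interactive user can both write, the sticky bit at least stops users removing or renaming each other's files: `os.chmod(local_path_root, mode=0o1777)`; a per-user directory would avoid the sharing altogether. Indentation is lost on this page, so it is unclear whether the chmod sits inside the `if not os.path.exists(local_path_root):` branch; if it runs on every import it will raise `PermissionError` once another account owns the directory. A directory that already exists is also accepted without checking its owner, which deserves a comment next to the workaround link.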


@ -117,6 +117,7 @@ class GalaxyToTransform(Transform):
class GalaxyToRelations(GalaxyToTransform): class GalaxyToRelations(GalaxyToTransform):
"""Expands a Galaxy to related Galaxies and Clusters""" """Expands a Galaxy to related Galaxies and Clusters"""
input_type = MISPGalaxy input_type = MISPGalaxy
remote = True
def do_transform(self, request, response, config, type_filter=MISPGalaxy): def do_transform(self, request, response, config, type_filter=MISPGalaxy):
return super().do_transform(request, response, config, type_filter) return super().do_transform(request, response, config, type_filter)
@ -125,6 +126,7 @@ class GalaxyToRelations(GalaxyToTransform):
class GalaxyToSoftware(GalaxyToTransform): class GalaxyToSoftware(GalaxyToTransform):
"""Expands a Galaxy to related Software/Tool Galaxies""" """Expands a Galaxy to related Software/Tool Galaxies"""
input_type = MISPGalaxy input_type = MISPGalaxy
remote = True
def do_transform(self, request, response, config, type_filter=Software): def do_transform(self, request, response, config, type_filter=Software):
return super().do_transform(request, response, config, type_filter) return super().do_transform(request, response, config, type_filter)
@ -133,6 +135,7 @@ class GalaxyToSoftware(GalaxyToTransform):
class GalaxyToThreatActor(GalaxyToTransform): class GalaxyToThreatActor(GalaxyToTransform):
"""Expands a Galaxy to related ThreatActor Galaxies""" """Expands a Galaxy to related ThreatActor Galaxies"""
input_type = MISPGalaxy input_type = MISPGalaxy
remote = True
def do_transform(self, request, response, config, type_filter=ThreatActor): def do_transform(self, request, response, config, type_filter=ThreatActor):
return super().do_transform(request, response, config, type_filter) return super().do_transform(request, response, config, type_filter)
@ -141,6 +144,7 @@ class GalaxyToThreatActor(GalaxyToTransform):
class GalaxyToAttackTechnique(GalaxyToTransform): class GalaxyToAttackTechnique(GalaxyToTransform):
"""Expands a Galaxy to related Attack Techniques Galaxies""" """Expands a Galaxy to related Attack Techniques Galaxies"""
input_type = MISPGalaxy input_type = MISPGalaxy
remote = True
def do_transform(self, request, response, config, type_filter=AttackTechnique): def do_transform(self, request, response, config, type_filter=AttackTechnique):
return super().do_transform(request, response, config, type_filter) return super().do_transform(request, response, config, type_filter)
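Review bot: Setting `remote = True` on `GalaxyToRelations`, `GalaxyToSoftware`, `GalaxyToThreatActor` and `GalaxyToAttackTechnique` means `request` now arrives from whichever Maltego client can reach the transform server, yet all four delegate straight to `GalaxyToTransform.do_transform`, whose body is outside this section. It is worth confirming that the base method tolerates missing or malformed entity fields and reports failures without echoing server-side paths or configuration back to the client. A short comment beside the flag would record the assumption, for example `# remote transform: request fields are client-supplied, do not trust them`.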