mirror of https://github.com/MISP/MISP-maltego
commit
476f007f41
4
setup.py
4
setup.py
|
@ -9,7 +9,7 @@ setup(
|
||||||
name='MISP_maltego',
|
name='MISP_maltego',
|
||||||
author='Christophe Vandeplas',
|
author='Christophe Vandeplas',
|
||||||
# also update version in util.py
|
# also update version in util.py
|
||||||
version='1.4.5',
|
version='1.4.6',
|
||||||
author_email='christophe@vandeplas.com',
|
author_email='christophe@vandeplas.com',
|
||||||
maintainer='Christophe Vandeplas',
|
maintainer='Christophe Vandeplas',
|
||||||
url='https://github.com/MISP/MISP-maltego',
|
url='https://github.com/MISP/MISP-maltego',
|
||||||
|
@ -36,7 +36,7 @@ setup(
|
||||||
python_requires='>=3.5',
|
python_requires='>=3.5',
|
||||||
install_requires=[
|
install_requires=[
|
||||||
'canari>=3.3.10,<4',
|
'canari>=3.3.10,<4',
|
||||||
'PyMISP>=2.4.114'
|
'PyMISP>=2.4.127'
|
||||||
],
|
],
|
||||||
dependency_links=[
|
dependency_links=[
|
||||||
# custom links for the install_requires
|
# custom links for the install_requires
|
||||||
|
|
|
@ -82,19 +82,24 @@ class SearchInMISP(Transform):
|
||||||
|
|
||||||
# for all other normal entities
|
# for all other normal entities
|
||||||
conn = MISPConnection(config, request.parameters)
|
conn = MISPConnection(config, request.parameters)
|
||||||
events_json = conn.misp.search(controller='events', value=request.entity.value, with_attachments=False)
|
|
||||||
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
||||||
for e in events_json:
|
# TODO First try to build the object, then only attributes (for those that are not in object, or for all?)
|
||||||
# find the value as attribute
|
# TODO check for the right version of MISP before, it needs to be 2.4.127 or higher.
|
||||||
attr = get_attribute_in_event(e, request.entity.value, substring=True)
|
# obj_json = conn.misp.search(controller='objects', value=request.entity.value, with_attachments=False)
|
||||||
if attr:
|
# for o in obj_json:
|
||||||
for item in attribute_to_entity(attr, only_self=True):
|
# for item in attribute_to_entity(attr, only_self=True, link_label=link_label):
|
||||||
response += item
|
# response += item
|
||||||
# find the value as object, and return the object
|
# # find the value as object, and return the object
|
||||||
if 'Object' in e['Event']:
|
# if 'Object' in e['Event']:
|
||||||
for o in e['Event']['Object']:
|
# for o in e['Event']['Object']:
|
||||||
if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
|
# if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
|
||||||
response += conn.object_to_entity(o, link_label=link_label)
|
# response += conn.object_to_entity(o, link_label=link_label)
|
||||||
|
|
||||||
|
attr_json = conn.misp.search(controller='attributes', value=request.entity.value, with_attachments=False)
|
||||||
|
for a in attr_json['Attribute']:
|
||||||
|
for item in attribute_to_entity(a, only_self=True, link_label=link_label):
|
||||||
|
response += item
|
||||||
|
|
||||||
return response
|
return response
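Review bot: `attr_json['Attribute']` is indexed without checking what the search returned, so a response without that key surfaces as a bare KeyError in the transform instead of a MaltegoException. PyMISP appears to return a dict carrying `errors` when a request fails, and the TODO above says the server must be 2.4.127 or higher, so this case looks reachable. Iterating `attr_json.get('Attribute', [])` and raising a MaltegoException when the response reports errors would keep the failure readable in Maltego. The old loop matched with `substring=True`, while the new attribute search passes the raw value, so partial matches probably no longer come back unless the value carries wildcards; a comment saying whether that is intended would help. The enclosing method starts outside the hunk.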
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ import requests
|
||||||
import tempfile
|
import tempfile
|
||||||
import time
|
import time
|
||||||
|
|
||||||
__version__ = '1.4.5' # also update version in setup.py
|
__version__ = '1.4.6' # also update version in setup.py
|
||||||
|
|
||||||
tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']
|
tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ class MISPConnection():
|
||||||
misp_key = parameters['mispkey'].value
|
misp_key = parameters['mispkey'].value
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
raise MaltegoException("ERROR: mispurl and mispkey need to be set to something valid")
|
raise MaltegoException("ERROR: mispurl and mispkey need to be set to something valid")
|
||||||
self.misp = PyMISP(misp_url, misp_key, misp_verify, 'json', misp_debug, tool='misp_maltego')
|
self.misp = PyMISP(url=misp_url, key=misp_key, ssl=misp_verify, debug=misp_debug, tool='misp_maltego', timeout=(2, 60))
|
||||||
except Exception:
|
except Exception:
|
||||||
if is_local_exec_mode():
|
if is_local_exec_mode():
|
||||||
raise MaltegoException("ERROR: Cannot connect to MISP server. Please verify your MISP_Maltego.conf settings.")
|
raise MaltegoException("ERROR: Cannot connect to MISP server. Please verify your MISP_Maltego.conf settings.")
|
||||||
|
@ -219,6 +219,7 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
||||||
if a['type'] in ('url', 'uri'):
|
if a['type'] in ('url', 'uri'):
|
||||||
yield(URL(url=a['value'], short_title=a['value'], link_label=link_label, notes=notes, bookmark=Bookmark.Green))
|
yield(URL(url=a['value'], short_title=a['value'], link_label=link_label, notes=notes, bookmark=Bookmark.Green))
|
||||||
return
|
return
|
||||||
|
# FIXME implement attachment screenshot type
|
||||||
|
|
||||||
# attribute is from an object, and a relation gives better understanding of the type of attribute
|
# attribute is from an object, and a relation gives better understanding of the type of attribute
|
||||||
if a.get('object_relation') and mapping_misp_to_maltego.get(a['object_relation']):
|
if a.get('object_relation') and mapping_misp_to_maltego.get(a['object_relation']):
|
||||||
|
@ -444,9 +445,9 @@ def galaxycluster_to_entity(c, link_label=None, link_direction=LinkDirection.Inp
|
||||||
|
|
||||||
# LATER this uses the galaxies from github as the MISP web UI does not fully support the Galaxies in the webui.
|
# LATER this uses the galaxies from github as the MISP web UI does not fully support the Galaxies in the webui.
|
||||||
# See https://github.com/MISP/MISP/issues/3801
|
# See https://github.com/MISP/MISP/issues/3801
|
||||||
galaxy_archive_url = 'https://github.com/MISP/misp-galaxy/archive/master.zip'
|
galaxy_archive_url = 'https://github.com/MISP/misp-galaxy/archive/main.zip'
|
||||||
local_path_uuid_mapping = os.path.join(local_path_root, 'MISP_maltego_galaxy_mapping.json')
|
local_path_uuid_mapping = os.path.join(local_path_root, 'MISP_maltego_galaxy_mapping.json')
|
||||||
local_path_clusters = os.path.join(local_path_root, 'misp-galaxy-master', 'clusters')
|
local_path_clusters = os.path.join(local_path_root, 'misp-galaxy-main', 'clusters')
|
||||||
galaxy_cluster_uuids = None
|
galaxy_cluster_uuids = None
|
||||||
|
|
||||||
|
|
||||||
|
@ -479,6 +480,8 @@ def galaxy_update_local_copy(force=False):
|
||||||
zf.extractall(local_path_root)
|
zf.extractall(local_path_root)
|
||||||
zf.close()
|
zf.close()
|
||||||
except Exception:
|
except Exception:
|
||||||
|
# remove the lock
|
||||||
|
os.remove(lockfile)
|
||||||
raise(MaltegoException("ERROR: Could not download Galaxy data from htts://github.com/MISP/MISP-galaxy/. Please check internet connectivity."))
|
raise(MaltegoException("ERROR: Could not download Galaxy data from htts://github.com/MISP/MISP-galaxy/. Please check internet connectivity."))
|
||||||
|
|
||||||
# generate the uuid mapping and save it to a file
|
# generate the uuid mapping and save it to a file
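Review bot: In the last hunk (galaxy_update_local_copy), the new `os.remove(lockfile)` runs unguarded inside the `except Exception:` handler. If the lock file is already gone or cannot be deleted, the resulting OSError replaces the MaltegoException and the user loses the download error message. Wrapping it as `try: os.remove(lockfile)` / `except OSError: pass` before the `raise` keeps the intended error. Whether the lock is also released on the success path is not visible, since the function body starts and continues outside the hunk; if it is not, a `finally` around the download and extraction would cover both paths.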
|
||||||
|
|