From 521e2cd38a6eaa89ab710edef5e2965e570cb3e8 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Sat, 9 Feb 2019 07:46:46 +0100 Subject: [PATCH] chg: [relations] Favor machines for Event relations --- .../maltego/misp_MISPEventToAll.machine | 31 ++++++++++++------- .../transforms/attributetoevent.py | 16 ++++++++-- .../transforms/eventtoattributes.py | 6 ++-- 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine b/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine index 30b7167..fcc10b1 100644 --- a/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine +++ b/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine @@ -1,12 +1,19 @@ -machine("misp.MISPEventToAll", - displayName:"Event to All", - author:"Christophe Vandeplas", - description: "Automatically expands MISP Objects to their attributes") { - start { - run("MISP_maltego.EventToAttributes") - paths { - run("MISP_maltego.ObjectToAttributes") - run("MISP_maltego.GalaxyToRelations") - } - } -} +machine("misp.MISPEventToAll", + displayName:"Event to All", + author:"Christophe Vandeplas", + description: "Automatically expands MISP Objects to their attributes") { + start { + run("MISP_maltego.EventToAttributes") + run("MISP_maltego.AttributeToEvent") + paths { + path { + run("MISP_maltego.ObjectToAttributes") + run("MISP_maltego.AttributeToEvent") + } + path { + run("MISP_maltego.GalaxyToRelations") + } + } + + } +} diff --git a/src/MISP_maltego/transforms/attributetoevent.py b/src/MISP_maltego/transforms/attributetoevent.py index 86422ff..cea3db4 100644 --- a/src/MISP_maltego/transforms/attributetoevent.py +++ b/src/MISP_maltego/transforms/attributetoevent.py 
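Review bot: The `description` string in `misp_MISPEventToAll.machine` still reads "Automatically expands MISP Objects to their attributes", although the machine now also runs `MISP_maltego.AttributeToEvent` after `EventToAttributes` and again inside the Objects path. It should say that related events are pulled in as well, for example `description: "Expands a MISP Event to its attributes, objects, galaxies and related events"`. Each `AttributeToEvent` run presumably issues one MISP search per attribute on the graph, so on a large event this machine may send many queries to the MISP server. A short comment above the `start` block noting that would help whoever operates the instance.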
@@ -1,6 +1,4 @@ -from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Hashtag, Company, Alias, Twitter from canari.maltego.transform import Transform -from canari.maltego.message import Bookmark # from canari.framework import EnableDebugWindow from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity from MISP_maltego.transforms.common.entities import Unknown @@ -24,6 +22,13 @@ class AttributeInMISP(Transform): def do_transform(self, request, response, config): maltego_misp_attribute = request.entity + # skip MISP Events (value = int) + try: + int(maltego_misp_attribute.value) + return response + except Exception: + pass + misp = get_misp_connection(config) events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False) in_misp = False @@ -48,6 +53,13 @@ class AttributeToEvent(Transform): def do_transform(self, request, response, config): maltego_misp_attribute = request.entity + # skip MISP Events (value = int) + try: + int(maltego_misp_attribute.value) + return response + except Exception: + pass + misp = get_misp_connection(config) events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False) in_misp = False diff --git a/src/MISP_maltego/transforms/eventtoattributes.py b/src/MISP_maltego/transforms/eventtoattributes.py index f4401d2..2844935 100644 --- a/src/MISP_maltego/transforms/eventtoattributes.py +++ b/src/MISP_maltego/transforms/eventtoattributes.py @@ -24,7 +24,7 @@ class EventToAttributes(Transform): # The transform input entity type. input_type = MISPEvent - description = 'Expands an Event to Attributes, Tags, Galaxies and related events' + description = 'Expands an Event to Attributes, Tags, Galaxies' def do_transform(self, request, response, config): maltego_misp_event = request.entity 
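Review bot: The `int(maltego_misp_attribute.value)` guard added to `AttributeInMISP.do_transform` skips every entity whose value parses as an integer, not only MISP Events. An attribute with a purely numeric value (a port or an AS number, for example) would get an empty response without ever being searched in MISP, so the analyst sees no correlation instead of an error. The same block is added to `AttributeToEvent.do_transform` in the following hunk. Checking the entity's type rather than its value would be more precise, if the request exposes it (to be confirmed against the canari API). If the value test stays, narrow the handler to `except (TypeError, ValueError):` and move the duplicated block into one shared helper with a comment stating the numeric-value limitation. Both method bodies continue outside their hunks.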
@@ -49,8 +49,8 @@ class EventToAttributes(Transform): for c in g['GalaxyCluster']: response += galaxycluster_to_entity(c) - for e in event_json['Event']['RelatedEvent']: - response += event_to_entity(e, link_style=LinkStyle.DashDot) + # for e in event_json['Event']['RelatedEvent']: + # response += event_to_entity(e, link_style=LinkStyle.DashDot) for a in event_json['Event']["Attribute"]: for entity in attribute_to_entity(a, event_tags=event_tags):
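Review bot: The `RelatedEvent` loop in `EventToAttributes.do_transform` is left behind as commented-out code, which gives the next reader no reason for the change. Delete the two lines and put a one-line explanation in their place, for example `# Related events are resolved by the AttributeToEvent transform (see misp_MISPEventToAll.machine)`. If `event_to_entity` and `LinkStyle` are no longer used elsewhere in this file, their imports can go too; the import block is outside the hunk, so that needs checking. Running this transform on its own no longer returns related events, which the updated `description` reflects.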