chg: [relations] Favor machines for Event relations

2019-02-09 07:46:46 +01:00 · 2019-02-09 07:46:46 +01:00 · 521e2cd38a
parent 7b6796cda2
commit 521e2cd38a
3 changed files with 36 additions and 17 deletions
--- a/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine
+++ b/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine
@ -4,9 +4,16 @@ machine("misp.MISPEventToAll",
        description: "Automatically expands MISP Objects to their attributes") {
    start {
        run("MISP_maltego.EventToAttributes")
+        run("MISP_maltego.AttributeToEvent")
        paths {
+            path {
                run("MISP_maltego.ObjectToAttributes")
+                run("MISP_maltego.AttributeToEvent")
+            }
+            path {
                run("MISP_maltego.GalaxyToRelations")
            }
        }
+        
+    }
 }
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@ -1,6 +1,4 @@
-from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Hashtag, Company, Alias, Twitter
 from canari.maltego.transform import Transform
-from canari.maltego.message import Bookmark
 # from canari.framework import EnableDebugWindow
 from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity
 from MISP_maltego.transforms.common.entities import Unknown
@ -24,6 +22,13 @@ class AttributeInMISP(Transform):

    def do_transform(self, request, response, config):
        maltego_misp_attribute = request.entity
+        # skip MISP Events (value = int)
+        try:
+            int(maltego_misp_attribute.value)
+            return response
+        except Exception:
+            pass
+
        misp = get_misp_connection(config)
        events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
        in_misp = False
@ -48,6 +53,13 @@ class AttributeToEvent(Transform):

    def do_transform(self, request, response, config):
        maltego_misp_attribute = request.entity
+        # skip MISP Events (value = int)
+        try:
+            int(maltego_misp_attribute.value)
+            return response
+        except Exception:
+            pass
+
        misp = get_misp_connection(config)
        events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
        in_misp = False
--- a/src/MISP_maltego/transforms/eventtoattributes.py
+++ b/src/MISP_maltego/transforms/eventtoattributes.py
@ -24,7 +24,7 @@ class EventToAttributes(Transform):

    # The transform input entity type.
    input_type = MISPEvent
-    description = 'Expands an Event to Attributes, Tags, Galaxies and related events'
+    description = 'Expands an Event to Attributes, Tags, Galaxies'

    def do_transform(self, request, response, config):
        maltego_misp_event = request.entity
@ -49,8 +49,8 @@ class EventToAttributes(Transform):
            for c in g['GalaxyCluster']:
                response += galaxycluster_to_entity(c)

-        for e in event_json['Event']['RelatedEvent']:
-            response += event_to_entity(e, link_style=LinkStyle.DashDot)
+        # for e in event_json['Event']['RelatedEvent']:
+        #     response += event_to_entity(e, link_style=LinkStyle.DashDot)

        for a in event_json['Event']["Attribute"]:
            for entity in attribute_to_entity(a, event_tags=event_tags):