From 66962b0e82df33ff6c8e5b21f28e27ad702ff5c3 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Thu, 2 May 2019 21:20:28 +0200
Subject: [PATCH] new: [galaxy] reverse relationships
---
 src/MISP_maltego/transforms/common/util.py | 9 +++++----
 src/MISP_maltego/transforms/galaxytoevent.py | 11 ++++++++---
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/MISP_maltego/transforms/common/util.py b/src/MISP_maltego/transforms/common/util.py
index 2c7fc74..eaf6305 100644
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@@ -1,6 +1,6 @@
 from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy
-from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark
+from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark, LinkDirection
 from pymisp import PyMISP
 import json
 import os
@@ -381,7 +381,7 @@ def event_to_entity(e, link_style=LinkStyle.Normal):
 return MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_style=link_style, notes=notes, bookmark=Bookmark.Green)
-def galaxycluster_to_entity(c, link_label=None):
+def galaxycluster_to_entity(c, link_label=None, link_direction=LinkDirection.InputToOutput):
 if 'meta' in c and 'uuid' in c['meta']:
 c['uuid'] = c['meta']['uuid'].pop(0)
@@ -408,11 +408,12 @@ def galaxycluster_to_entity(c, link_label=None):
 synonyms=synonyms,
 tag_name=c['tag_name'],
 link_label=link_label,
- icon_url=icon_url
+ icon_url=icon_url,
+ link_direction=link_direction
 )
-# FIXME this uses the galaxies from github as the MISP web UI does not fully support the Galaxies in the webui.
+# LATER this uses the galaxies from github as the MISP web UI does not fully support the Galaxies in the webui.
 # See https://github.com/MISP/MISP/issues/3801
 galaxy_archive_url = 'https://github.com/MISP/misp-galaxy/archive/master.zip'
 local_path_root = os.path.join(tempfile.gettempdir(), 'MISP-maltego')
diff --git a/src/MISP_maltego/transforms/galaxytoevent.py b/src/MISP_maltego/transforms/galaxytoevent.py
index 9981b00..97af7a8 100644
--- a/src/MISP_maltego/transforms/galaxytoevent.py
+++ b/src/MISP_maltego/transforms/galaxytoevent.py
@@ -2,7 +2,7 @@ from canari.maltego.transform import Transform
 # from canari.framework import EnableDebugWindow
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPGalaxy
 from MISP_maltego.transforms.common.util import get_misp_connection, galaxycluster_to_entity, get_galaxy_cluster, get_galaxies_relating, search_galaxy_cluster, mapping_galaxy_icon
-from canari.maltego.message import UIMessageType, UIMessage
+from canari.maltego.message import UIMessageType, UIMessage, LinkDirection
 __author__ = 'Christophe Vandeplas'
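Review bot: In util.py, renaming the marker to `# LATER` above `galaxy_archive_url` takes this comment out of the usual FIXME/TODO searches while the concern it tracks is still open: the context lines point at the moving `master.zip` of misp-galaxy and at a fixed `MISP-maltego` directory under `tempfile.gettempdir()`. How the archive is fetched and unpacked is outside this hunk, but if it is used as shown, the content is neither pinned to a revision nor verified, and on a multi-user host the shared temp directory may already exist with another account's ownership. I would keep a searchable marker and state the open risk, e.g. `# TODO: galaxies come from GitHub master (unpinned, unverified) and are cached in a shared temp dir; see https://github.com/MISP/MISP/issues/3801`.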
@@ -102,6 +102,11 @@ class GalaxyToRelations(Transform):
 if related_cluster:
 response += galaxycluster_to_entity(related_cluster, link_label=related['type'])
 # find objects that are relating to this one
- # for related in get_galaxies_relating(current_cluster['uuid']):
- # response += galaxycluster_to_entity(related, link_label="TODO opposite of ".format(related['type'])) # TODO link_label should be opposite
+ for related in get_galaxies_relating(current_cluster['uuid']):
+ related_link_label = ''
+ for rel_in_rel in related['related']:
+ if rel_in_rel['dest-uuid'] == current_cluster['uuid']:
+ related_link_label = rel_in_rel['type']
+ break
+ response += galaxycluster_to_entity(related, link_label=related_link_label, link_direction=LinkDirection.OutputToInput)
 return response
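Review bot: In galaxytoevent.py, the new inner loop in GalaxyToRelations indexes `rel_in_rel['dest-uuid']` and `rel_in_rel['type']` directly, so a single relation entry lacking either key raises KeyError and the transform loses the whole response. The cluster data presumably comes from the galaxy JSON fetched from GitHub, so tolerating malformed entries is worth two changed lines: `if rel_in_rel.get('dest-uuid') == current_cluster['uuid']:` and `related_link_label = rel_in_rel.get('type', '')`. When no entry matches, the link is emitted with an empty label; a one-line comment saying that this is intended would help the next reader. The method starts above this hunk, so how `current_cluster` is obtained and validated is not visible here.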