mirror of https://github.com/MISP/MISP-maltego
chg: [galaxies] minor cleanup
parent
46ad6abdba
commit
6fc393bed9
|
@ -1,6 +1,5 @@
|
||||||
from canari.maltego.entities import Hashtag
|
from canari.maltego.entities import Hashtag
|
||||||
from canari.maltego.transform import Transform
|
from canari.maltego.transform import Transform
|
||||||
# from canari.framework import EnableDebugWindow
|
|
||||||
from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject
|
from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject
|
||||||
from MISP_maltego.transforms.common.util import check_update, get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes, object_to_relations, tag_matches_note_prefix
|
from MISP_maltego.transforms.common.util import check_update, get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes, object_to_relations, tag_matches_note_prefix
|
||||||
from canari.maltego.message import LinkStyle
|
from canari.maltego.message import LinkStyle
|
||||||
|
@ -84,7 +83,6 @@ class EventToTransform(Transform):
|
||||||
self.response += event_to_entity(e, link_style=LinkStyle.DashDot)
|
self.response += event_to_entity(e, link_style=LinkStyle.DashDot)
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToAll(EventToTransform):
|
class EventToAll(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to Attributes, Objects, Tags, Galaxies'
|
description = 'Expands an Event to Attributes, Objects, Tags, Galaxies'
|
||||||
|
@ -100,7 +98,6 @@ class EventToAll(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToAttributes(EventToTransform):
|
class EventToAttributes(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to Attributes'
|
description = 'Expands an Event to Attributes'
|
||||||
|
@ -113,7 +110,6 @@ class EventToAttributes(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToTags(EventToTransform):
|
class EventToTags(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to Tags and Galaxies'
|
description = 'Expands an Event to Tags and Galaxies'
|
||||||
|
@ -127,7 +123,6 @@ class EventToTags(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToGalaxies(EventToTransform):
|
class EventToGalaxies(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to Galaxies'
|
description = 'Expands an Event to Galaxies'
|
||||||
|
@ -140,7 +135,6 @@ class EventToGalaxies(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToObjects(EventToTransform):
|
class EventToObjects(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to Objects'
|
description = 'Expands an Event to Objects'
|
||||||
|
@ -153,7 +147,6 @@ class EventToObjects(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class EventToRelations(EventToTransform):
|
class EventToRelations(EventToTransform):
|
||||||
input_type = MISPEvent
|
input_type = MISPEvent
|
||||||
description = 'Expands an Event to related Events'
|
description = 'Expands an Event to related Events'
|
||||||
|
@ -166,7 +159,6 @@ class EventToRelations(EventToTransform):
|
||||||
return self.response
|
return self.response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class ObjectToAttributes(Transform):
|
class ObjectToAttributes(Transform):
|
||||||
""""Expands an object to its attributes"""
|
""""Expands an object to its attributes"""
|
||||||
input_type = MISPObject
|
input_type = MISPObject
|
||||||
|
@ -190,7 +182,6 @@ class ObjectToAttributes(Transform):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class ObjectToRelations(Transform):
|
class ObjectToRelations(Transform):
|
||||||
"""Expands an object to the relations of the object"""
|
"""Expands an object to the relations of the object"""
|
||||||
input_type = MISPObject
|
input_type = MISPObject
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
from canari.maltego.transform import Transform
|
from canari.maltego.transform import Transform
|
||||||
# from canari.framework import EnableDebugWindow
|
|
||||||
from MISP_maltego.transforms.common.entities import MISPEvent, MISPGalaxy, ThreatActor, Software, AttackTechnique
|
from MISP_maltego.transforms.common.entities import MISPEvent, MISPGalaxy, ThreatActor, Software, AttackTechnique
|
||||||
from MISP_maltego.transforms.common.util import check_update, get_misp_connection, galaxycluster_to_entity, get_galaxy_cluster, get_galaxies_relating, search_galaxy_cluster, mapping_galaxy_icon
|
from MISP_maltego.transforms.common.util import check_update, get_misp_connection, galaxycluster_to_entity, get_galaxy_cluster, get_galaxies_relating, search_galaxy_cluster, mapping_galaxy_icon
|
||||||
from canari.maltego.message import UIMessageType, UIMessage, LinkDirection
|
from canari.maltego.message import UIMessageType, UIMessage, LinkDirection
|
||||||
|
@ -16,7 +15,6 @@ __email__ = 'christophe@vandeplas.com'
|
||||||
__status__ = 'Development'
|
__status__ = 'Development'
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class GalaxyToEvents(Transform):
|
class GalaxyToEvents(Transform):
|
||||||
"""Expands a Galaxy to multiple MISP Events."""
|
"""Expands a Galaxy to multiple MISP Events."""
|
||||||
|
|
||||||
|
@ -26,38 +24,35 @@ class GalaxyToEvents(Transform):
|
||||||
|
|
||||||
def do_transform(self, request, response, config):
|
def do_transform(self, request, response, config):
|
||||||
response += check_update(config)
|
response += check_update(config)
|
||||||
maltego_misp_galaxy = request.entity
|
|
||||||
misp = get_misp_connection(config, request.parameters)
|
misp = get_misp_connection(config, request.parameters)
|
||||||
if maltego_misp_galaxy.tag_name:
|
if request.entity.tag_name:
|
||||||
tag_name = maltego_misp_galaxy.tag_name
|
tag_name = request.entity.tag_name
|
||||||
else:
|
else:
|
||||||
tag_name = maltego_misp_galaxy.value
|
tag_name = request.entity.value
|
||||||
events_json = misp.search(controller='events', tags=tag_name, with_attachments=False)
|
events_json = misp.search(controller='events', tags=tag_name, with_attachments=False)
|
||||||
for e in events_json:
|
for e in events_json:
|
||||||
response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_direction=LinkDirection.OutputToInput)
|
response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_direction=LinkDirection.OutputToInput)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
# @EnableDebugWindow
|
|
||||||
class GalaxyToTransform(Transform):
|
class GalaxyToTransform(Transform):
|
||||||
input_type = None
|
input_type = None
|
||||||
|
|
||||||
def do_transform(self, request, response, config, type_filter=MISPGalaxy):
|
def do_transform(self, request, response, config, type_filter=MISPGalaxy):
|
||||||
response += check_update(config)
|
response += check_update(config)
|
||||||
maltego_misp_galaxy = request.entity
|
|
||||||
|
|
||||||
current_cluster = None
|
current_cluster = None
|
||||||
if maltego_misp_galaxy.uuid:
|
if request.entity.uuid:
|
||||||
current_cluster = get_galaxy_cluster(uuid=maltego_misp_galaxy.uuid)
|
current_cluster = get_galaxy_cluster(uuid=request.entity.uuid)
|
||||||
elif maltego_misp_galaxy.tag_name:
|
elif request.entity.tag_name:
|
||||||
current_cluster = get_galaxy_cluster(tag=maltego_misp_galaxy.tag_name)
|
current_cluster = get_galaxy_cluster(tag=request.entity.tag_name)
|
||||||
elif maltego_misp_galaxy.name:
|
elif request.entity.name:
|
||||||
current_cluster = get_galaxy_cluster(tag=maltego_misp_galaxy.name)
|
current_cluster = get_galaxy_cluster(tag=request.entity.name)
|
||||||
|
|
||||||
if not current_cluster and maltego_misp_galaxy.name != '-':
|
if not current_cluster and request.entity.name != '-':
|
||||||
# maybe the user is searching for a cluster based on a substring.
|
# maybe the user is searching for a cluster based on a substring.
|
||||||
# Search in the list for those that match and return galaxy entities
|
# Search in the list for those that match and return galaxy entities
|
||||||
potential_clusters = search_galaxy_cluster(maltego_misp_galaxy.name)
|
potential_clusters = search_galaxy_cluster(request.entity.name)
|
||||||
# TODO check if duplicates are possible
|
# TODO check if duplicates are possible
|
||||||
if potential_clusters:
|
if potential_clusters:
|
||||||
for potential_cluster in potential_clusters:
|
for potential_cluster in potential_clusters:
|
||||||
|
|
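Review bot: In `GalaxyToTransform.do_transform`, the fallback condition `if not current_cluster and request.entity.name != '-':` still runs when `request.entity.name` is empty or unset, so `search_galaxy_cluster` is called with a blank value. The helper is not visible here, but a substring search on an empty name would presumably match every cluster, or fail on `None`. Since the commit rewrites this line anyway, consider `if not current_cluster and request.entity.name and request.entity.name != '-':`. The `uuid`/`tag_name`/`name` chain above it would also benefit from a one-line comment stating the precedence, e.g. `# lookup order: uuid, then tag_name, then name used as a tag`. The method body continues past the end of this hunk.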