mirror of https://github.com/MISP/MISP-maltego
fix: [transform] to MISP Event
parent
a661343444
commit
72d3b11523
|
@ -1,7 +1,7 @@
|
||||||
from canari.maltego.entities import Netblock, Unknown
|
from canari.maltego.entities import Unknown
|
||||||
from canari.maltego.transform import Transform
|
from canari.maltego.transform import Transform
|
||||||
# from canari.framework import EnableDebugWindow
|
# from canari.framework import EnableDebugWindow
|
||||||
from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity
|
from MISP_maltego.transforms.common.util import get_misp_connection, event_to_entity, get_attribute_in_event, attribute_to_entity, get_entity_property
|
||||||
|
|
||||||
__author__ = 'Christophe Vandeplas'
|
__author__ = 'Christophe Vandeplas'
|
||||||
__copyright__ = 'Copyright 2018, MISP_maltego Project'
|
__copyright__ = 'Copyright 2018, MISP_maltego Project'
|
||||||
|
@ -74,20 +74,26 @@ class AttributeToEvent(Transform):
|
||||||
input_type = Unknown
|
input_type = Unknown
|
||||||
|
|
||||||
def do_transform(self, request, response, config):
|
def do_transform(self, request, response, config):
|
||||||
maltego_misp_attribute = request.entity
|
# skip some Entities
|
||||||
# skip MISP Events (value = int)
|
skip = ['properties.mispevent', 'properties.mispobject']
|
||||||
try:
|
for i in skip:
|
||||||
int(maltego_misp_attribute.value)
|
if i in request.entity.fields:
|
||||||
return response
|
return response
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
# test for Netblock
|
|
||||||
if 'ipv4-range' in request.entity.fields:
|
if 'ipv4-range' in request.entity.fields:
|
||||||
# placeholder for https://github.com/MISP/MISP-maltego/issues/11
|
# placeholder for https://github.com/MISP/MISP-maltego/issues/11
|
||||||
pass
|
pass
|
||||||
|
|
||||||
misp = get_misp_connection(config)
|
misp = get_misp_connection(config)
|
||||||
events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
|
|
||||||
|
if 'properties.mispgalaxy' in request.entity.fields:
|
||||||
|
tag_name = get_entity_property(request.entity, 'tag_name')
|
||||||
|
if not tag_name:
|
||||||
|
tag_name = request.entity.value
|
||||||
|
events_json = misp.search(controller='events', tags=tag_name, withAttachments=False)
|
||||||
|
|
||||||
|
else:
|
||||||
|
events_json = misp.search(controller='events', values=request.entity.value, withAttachments=False)
|
||||||
in_misp = False
|
in_misp = False
|
||||||
for e in events_json['response']:
|
for e in events_json['response']:
|
||||||
in_misp = True
|
in_misp = True
|
||||||
|
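Review bot: The galaxy branch (`if 'properties.mispgalaxy' in request.entity.fields:`) and the `else:` branch each call `misp.search(controller='events', ..., withAttachments=False)` and differ only in the selector keyword, and the fallback from the `tag_name` property to `request.entity.value` is left without a comment explaining it. Building the selector once and issuing a single search keeps the two calls from drifting apart and gives the fallback a place to be documented. The skip check at the top of the function can also be collapsed to `if any(f in request.entity.fields for f in skip): return response`. do_transform continues past the end of the hunk.
```python
        misp = get_misp_connection(config)
        if 'properties.mispgalaxy' in request.entity.fields:
            # galaxy entities carry their MISP tag in a property; fall back to the
            # displayed value when that property is not set
            tag_name = get_entity_property(request.entity, 'tag_name') or request.entity.value
            search_kwargs = {'tags': tag_name}
        else:
            search_kwargs = {'values': request.entity.value}
        events_json = misp.search(controller='events', withAttachments=False, **search_kwargs)
        # … unchanged: in_misp loop …
```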
@ -96,7 +102,7 @@ class AttributeToEvent(Transform):
|
||||||
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
# we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
|
||||||
if in_misp:
|
if in_misp:
|
||||||
for e in events_json['response']:
|
for e in events_json['response']:
|
||||||
attr = get_attribute_in_event(e, maltego_misp_attribute.value)
|
attr = get_attribute_in_event(e, request.entity.value)
|
||||||
if attr:
|
if attr:
|
||||||
for item in attribute_to_entity(attr, only_self=True):
|
for item in attribute_to_entity(attr, only_self=True):
|
||||||
response += item
|
response += item
|
||||||
|
|
|
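Review bot: `attr = get_attribute_in_event(e, request.entity.value)` now also runs for galaxy entities, where `request.entity.value` is presumably a galaxy or tag name rather than an attribute value, so the lookup of the entity's own attribute will most likely never match on that path. If that is intended, a comment such as `# for galaxy entities the value is a tag name, so no matching attribute is expected here` would keep the next reader from treating it as a bug; otherwise the loop could be skipped for that branch. do_transform starts and ends outside this hunk.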
@ -156,6 +156,13 @@ def entity_obj_to_entity(entity_obj, v, t, **kwargs):
|
||||||
return entity_obj(v, **kwargs)
|
return entity_obj(v, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
def get_entity_property(entity, name):
|
||||||
|
for k, v in entity.fields.items():
|
||||||
|
if k == name:
|
||||||
|
return v.value
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
||||||
# prepare some attributes to a better form
|
# prepare some attributes to a better form
|
||||||
a['data'] = None # empty the file content as we really don't need this here
|
a['data'] = None # empty the file content as we really don't need this here
|
||||||
|
|
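Review bot: `get_entity_property` scans `entity.fields.items()` to find a single key, although `fields` is treated as a mapping elsewhere in this commit (`if i in request.entity.fields`), so a direct lookup reads more clearly and avoids the linear scan; the function also has no docstring. Suggested body: `"""Return the value of field *name* on *entity*, or None when the field is absent."""` followed by `field = entity.fields.get(name)` and `return field.value if field is not None else None`. This assumes `fields` supports `.get()` like a dict — confirm against canari's entity type before switching.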