From 757368fba79fa673b43824e22b1b650429c74ce6 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 11 Dec 2018 13:59:50 +0100 Subject: [PATCH] new: [machine] EventToAll expanding to everything direct relations --- README.md | 55 +------------------ .../maltego/misp_MISPEventToAll.machine | 12 ++++ 2 files changed, 13 insertions(+), 54 deletions(-) create mode 100644 src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine diff --git a/README.md b/README.md index 3c64e0d..86975c1 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ This is a Maltego MISP integration tool allowing you to view (read-only) data fr Currently supported MISP elements are : Event, Attribute, Object (incl relations), Tag, Taxonomy, Galaxy (incl relations). -Once installed you can start by creating a `MISPEvent` entity, then load the transform `EventToAttributes`. +Once installed you can start by creating a `MISPEvent` entity, then load the Machine `EventToAll` or the transform `EventToAttributes`. Alternatively initiate a transform on an existing Maltego entity. The currently supported entities are: `AS`, `DNSName`, `Domain`, `EmailAddress`, `File`, `Hash`, `IPv4Address`, `NSRecord`, `Person`, `PhoneNumber`, `URL`, `Website` @@ -40,56 +40,3 @@ This software is licensed under [GNU Affero General Public License version 3](ht Note: Before being rewritten from scratch this project was maintained by Emmanuel Bouillon. The code is available in the `v1` branch. - -
-The Canari welcome message: -# README - MISP_maltego - -Welcome to Canari. You might be wondering what all these files are about. Before you can use the power of -`canari create-profile` you needed to create a transform package and that's exactly what you did here! I've given you a -directory structure to use in the following manner: - -* `src/MISP_maltego` directory is where all your stuff goes in terms of auxiliary modules that you may need for - your modules -* `src/MISP_maltego/transforms` directory is where all your transform modules should be placed. An example - `helloworld` transform is there for your viewing pleasure. -* `src/MISP_maltego/transforms/common` directory is where you can put some common code for your transforms like - result parsing, entities, etc. -* `src/MISP_maltego/transforms/common/entities.py` is where you define your custom entities. Take a look at the - examples provided if you want to play around with custom entities. -* `maltego/` is where you can store your Maltego entity exports. -* `src/MISP_maltego/resources/maltego` directory is where your `entities.mtz` and `*.machine` files can be - stored for auto install and uninstall. -* `src/MISP_maltego/resources/external` directory is where you can place non-Python transforms written in other - languages. - -If you're going to add a new transform in the transforms directory, remember to update the `__all__` variable in -`src/MISP_maltego/transforms/__init__.py`. Otherwise, `canari install-package` won't attempt to install the -transform. 
Alternatively, `canari create-transform ` can be used within the -`src/MISP_maltego/transforms` directory to generate a transform module and have it automatically added to the -`__init__.py` file, like so: - -```bash -$ canari create-transform foo -``` - -To test your transform, simply `cd` into the src directory and run `canari debug-transform`, like so: - -```bash -$ canari debug-transform MISP_maltego.transforms.helloworld.HelloWorld Phil -%50 -D:This was pointless! -%100 -`- MaltegoTransformResponseMessage: - `- Entities: - `- Entity: {'Type': 'test.MyTestEntity'} - `- Value: Hello Phil! - `- Weight: 1 - `- AdditionalFields: - `- Field: 2 {'DisplayName': 'Field 1', 'Name': 'test.field1', 'MatchingRule': 'strict'} - `- Field: test {'DisplayName': 'Field N', 'Name': 'test.fieldN', 'MatchingRule': 'strict'} -``` - -Cool right? If you have any further questions don't hesitate to drop us a line;) - -Have fun! diff --git a/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine b/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine new file mode 100644 index 0000000..30b7167 --- /dev/null +++ b/src/MISP_maltego/resources/maltego/misp_MISPEventToAll.machine @@ -0,0 +1,12 @@ +machine("misp.MISPEventToAll", + displayName:"Event to All", + author:"Christophe Vandeplas", + description: "Automatically expands MISP Objects to their attributes") { + start { + run("MISP_maltego.EventToAttributes") + paths { + run("MISP_maltego.ObjectToAttributes") + run("MISP_maltego.GalaxyToRelations") + } + } +}
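Review bot: The added README.md line in the first hunk calls the Machine `EventToAll`, but the machine file in this same patch declares the id `misp.MISPEventToAll` and `displayName:"Event to All"`, so the name in the README matches neither. Suggest writing it as it is declared, for example "the Machine `Event to All`", or changing the `displayName` so the two agree.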
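Review bot: The second README.md hunk (`@@ -40,56 +40,3 @@`, 53 removed lines starting at "The Canari welcome message:") is not covered by the subject line, which only announces the new machine. The removal also drops the README's reminder to update `__all__` in `src/MISP_maltego/transforms/__init__.py` and the `canari debug-transform` usage. Suggest moving this cleanup into its own commit, or at least mentioning it in the message, and keeping those two developer hints in a short contributor section.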
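Review bot: In `misp_MISPEventToAll.machine` the `description` says "Automatically expands MISP Objects to their attributes", but the machine starts with `run("MISP_maltego.EventToAttributes")` and its `paths` block also runs `MISP_maltego.GalaxyToRelations`, so the text understates what gets pulled into the graph. Suggest a description that matches the subject line (event attributes, object attributes and galaxy relations) so an analyst knows the scope before running it against a large event. A one-line comment stating that the two `run` calls inside `paths` are both meant to operate on the output of `EventToAttributes` would also help the next reader.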