mirror of https://github.com/MISP/MISP-maltego
new: [doc] Installation using pip
parent
42b0ba94c1
commit
98531ba854
|
@ -6,6 +6,7 @@
|
||||||
*.egg-info
|
*.egg-info
|
||||||
*.*.swp
|
*.*.swp
|
||||||
/build/
|
/build/
|
||||||
|
/dist/
|
||||||
# Locally genenerated mtz
|
# Locally genenerated mtz
|
||||||
/*.mtz
|
/*.mtz
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ The currently supported entities are: `AS`, `DNSName`, `Domain`, `EmailAddress`,
|
||||||
|
|
||||||
|
|
||||||
## Installation and User Guide:
|
## Installation and User Guide:
|
||||||
Installation is fairly easy, just read the steps in the [documentation](https://github.com/MISP/MISP-maltego/blob/master/doc/README.md).
|
Installation is fairly easy by using `pip`, just read the steps in the [documentation](https://github.com/MISP/MISP-maltego/blob/master/doc/README.md).
|
||||||
|
|
||||||
The [User Guide](https://github.com/MISP/MISP-maltego/blob/master/doc/README.md#use-cases) gives some example use-cases.
|
The [User Guide](https://github.com/MISP/MISP-maltego/blob/master/doc/README.md#use-cases) gives some example use-cases.
|
||||||
|
|
||||||
|
|
|
@ -5,22 +5,15 @@ This user guide should help you through the installation of **MISP-Maltego**, an
|
||||||
## Installation
|
## Installation
|
||||||
These instructions have been tested on Ubuntu 18.04 LTS, but should be similar on other systems.
|
These instructions have been tested on Ubuntu 18.04 LTS, but should be similar on other systems.
|
||||||
1. Download and install [Maltego](https://www.paterva.com/web7/downloads.php)
|
1. Download and install [Maltego](https://www.paterva.com/web7/downloads.php)
|
||||||
2. Install dependencies: `sudo apt install git build-essential python3-setuptools python3-dev python3-pip`
|
2. Install using pip: `pip3 install MISP-maltego`
|
||||||
3. Clone the repository, install and create the Maltego local transform bundle.
|
3. Generate the Maltego bundle: `canari create-profile MISP-maltego`
|
||||||
To the question *".canari/canari.conf already exists, would you like to overwrite it?"* you will probably want to answer yes.
|
4. Import this bundle in Maltego.
|
||||||
```
|
|
||||||
git clone https://github.com/MISP/MISP-maltego.git
|
|
||||||
cd MISP-maltego
|
|
||||||
sudo pip3 install .
|
|
||||||
canari create-profile MISP_maltego
|
|
||||||
```
|
|
||||||
5. Import this bundle in Maltego.
|
|
||||||
1. Open Maltego
|
1. Open Maltego
|
||||||
2. Click on the home button (Maltego icon, top-left corner).
|
2. Click on the home button (Maltego icon, top-left corner).
|
||||||
3. Click on 'Import'
|
3. Click on 'Import'
|
||||||
4. Click on 'Import Configuration'.
|
4. Click on 'Import Configuration'.
|
||||||
5. Load the `MISP_maltego.mtz` file and follow the prompts.
|
5. Load the `MISP_maltego.mtz` file and follow the prompts.
|
||||||
6. Edit `$HOME/.canari/MISP_maltego.conf` and enter your `misp_url` and `misp_key`
|
5. Edit `$HOME/.canari/MISP_maltego.conf` and enter your `misp_url` and `misp_key`
|
||||||
|
|
||||||
## Custom Entities
|
## Custom Entities
|
||||||
MISP-Maltego tries to use as much as possible the default Paterva entities, or the most popular from the community. It however comes with a few custom entities:
|
MISP-Maltego tries to use as much as possible the default Paterva entities, or the most popular from the community. It however comes with a few custom entities:
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
python3 setup.py sdist bdist_wheel
|
||||||
|
twine upload dist/*
|
|
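Review bot: The new release script has no error handling, so if `python3 setup.py sdist bdist_wheel` fails the `twine upload dist/*` line on the last hunk line still runs and publishes whatever is already in `dist/`; since the same commit adds `/dist/` to .gitignore, that directory persists between runs and can hold artifacts from earlier versions. Add `set -euo pipefail` directly after the shebang, and clear the build outputs before building, `rm -rf build/ dist/`, so only artifacts produced by this run are uploaded. The script's path is not shown on this page.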
@ -37,7 +37,7 @@ class MISPObject(Entity):
|
||||||
|
|
||||||
icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'
|
icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'
|
||||||
uuid = StringEntityField('uuid', display_name='UUID')
|
uuid = StringEntityField('uuid', display_name='UUID')
|
||||||
event_id = IntegerEntityField('event_id', display_name='Event ID') # FIXME remove this once MISP provides objects correctly when requesting only the object. See https://github.com/MISP/MISP/issues/3801
|
event_id = IntegerEntityField('event_id', display_name='Event ID') # LATER remove this once MISP provides objects correctly when requesting only the object. See https://github.com/MISP/MISP/issues/3801
|
||||||
name = StringEntityField('name', display_name='Name', is_value=True)
|
name = StringEntityField('name', display_name='Name', is_value=True)
|
||||||
meta_category = StringEntityField('meta_category', display_name='Meta Category', matching_rule=MatchingRule.Loose)
|
meta_category = StringEntityField('meta_category', display_name='Meta Category', matching_rule=MatchingRule.Loose)
|
||||||
description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose)
|
description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose)
|
||||||
|
|
|
@ -27,7 +27,7 @@ import time
|
||||||
# # 'maltego.Document': [''],
|
# # 'maltego.Document': [''],
|
||||||
# 'maltego.PhoneNumber': ['phone-number'],
|
# 'maltego.PhoneNumber': ['phone-number'],
|
||||||
# 'maltego.EmailAddress': ['email-src', 'email-dst'],
|
# 'maltego.EmailAddress': ['email-src', 'email-dst'],
|
||||||
# # 'maltego.Image': [''], # LATER file image
|
# # 'maltego.Image': [''], # TODO file image
|
||||||
# # 'maltego.Phrase': [''],
|
# # 'maltego.Phrase': [''],
|
||||||
# 'maltego.File': ['filename'],
|
# 'maltego.File': ['filename'],
|
||||||
# # 'maltego.Person': [''],
|
# # 'maltego.Person': [''],
|
||||||
|
@ -178,7 +178,7 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
||||||
for c in g['GalaxyCluster']:
|
for c in g['GalaxyCluster']:
|
||||||
yield galaxycluster_to_entity(c)
|
yield galaxycluster_to_entity(c)
|
||||||
|
|
||||||
# TODO today the tag is attached to the event, not the attribute, this is something we want to fix soon.
|
# complement the event tags with the attribute tags.
|
||||||
if 'Tag' in a and not only_self:
|
if 'Tag' in a and not only_self:
|
||||||
for t in a['Tag']:
|
for t in a['Tag']:
|
||||||
combined_tags.append(t['name'])
|
combined_tags.append(t['name'])
|
||||||
|
@ -212,26 +212,19 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
||||||
if entity_obj == File:
|
if entity_obj == File:
|
||||||
labels.append(Label('hash', v_2))
|
labels.append(Label('hash', v_2))
|
||||||
yield entity_obj_to_entity(entity_obj, v_1, t_1, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green) # LATER change the comment to include the second part of the regkey
|
yield entity_obj_to_entity(entity_obj, v_1, t_1, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green) # LATER change the comment to include the second part of the regkey
|
||||||
else:
|
|
||||||
yield UIMessage("Type {} of combined type {} not supported for attribute: {}".format(t_1, a['type'], a), type=UIMessageType.Inform)
|
|
||||||
if t_2 in mapping_misp_to_maltego:
|
if t_2 in mapping_misp_to_maltego:
|
||||||
entity_obj = mapping_misp_to_maltego[t_2][0]
|
entity_obj = mapping_misp_to_maltego[t_2][0]
|
||||||
labels = [Label('comment', a.get('comment'))]
|
labels = [Label('comment', a.get('comment'))]
|
||||||
if entity_obj == Hash:
|
if entity_obj == Hash:
|
||||||
labels.append(Label('filename', v_1))
|
labels.append(Label('filename', v_1))
|
||||||
yield entity_obj_to_entity(entity_obj, v_2, t_2, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green) # LATER change the comment to include the first part of the regkey
|
yield entity_obj_to_entity(entity_obj, v_2, t_2, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green) # LATER change the comment to include the first part of the regkey
|
||||||
else:
|
|
||||||
yield UIMessage("Type {} of combined type {} not supported for attribute: {}".format(t_2, a['type'], a), type=UIMessageType.Inform)
|
|
||||||
|
|
||||||
# normal attributes
|
# normal attributes
|
||||||
elif a['type'] in mapping_misp_to_maltego:
|
elif a['type'] in mapping_misp_to_maltego:
|
||||||
entity_obj = mapping_misp_to_maltego[a['type']][0]
|
entity_obj = mapping_misp_to_maltego[a['type']][0]
|
||||||
yield entity_obj_to_entity(entity_obj, a['value'], a['type'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
|
yield entity_obj_to_entity(entity_obj, a['value'], a['type'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
|
||||||
|
|
||||||
# not supported in our maltego mapping
|
# not supported in our maltego mapping are not handled
|
||||||
else:
|
|
||||||
yield Unknown(a['value'], type=a['type'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
|
|
||||||
yield UIMessage("Type {} not fully supported for attribute: {}".format(a['type'], a), type=UIMessageType.Inform)
|
|
||||||
|
|
||||||
# LATER : relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
|
# LATER : relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
|
||||||
|
|
||||||
|
|
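Review bot: In the `@ -212,26 +212,19 @@` hunk the three `else:` branches that yielded a `UIMessage` (and, for unmapped types, an `Unknown` entity) are dropped, so an attribute whose type — or either half of a combined type — has no entry in `mapping_misp_to_maltego` now produces nothing at all, and the analyst gets no indication that indicators were omitted from the graph. The enclosing function `attribute_to_entity` starts above the hunk, so I cannot see whether the caller reports skipped attributes elsewhere. If silent skipping is intended, the new-side comment should say so plainly; replace `# not supported in our maltego mapping are not handled` with `# attribute types with no Maltego mapping are skipped silently (no entity, no UI message)` and state the same in the function's docstring. Otherwise a single Inform-level message for the unmapped case would keep the dropped data visible without the noise of the removed branches.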