diff --git a/src/MISP_maltego/transforms/attributetoevent.py b/src/MISP_maltego/transforms/attributetoevent.py
index dcbbc85..9090c09 100644
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@@ -16,9 +16,10 @@ __status__ = 'Development'
 class SearchInMISP(Transform):
- """Search an attribute, event in MISP, allowing the use of % at the front and end"""
+ """Use % at the front/end for wildcard search"""
 input_type = Unknown
 display_name = 'Search in MISP'
+ description = "Use % at the front/end for wildcard search"
 remote = True
 def do_transform(self, request, response, config):
@@ -122,7 +123,7 @@ class SearchInMISP(Transform):
 class AttributeToEvent(Transform):
 input_type = Unknown
- display_name = 'to MISP Event'
+ display_name = 'to MISP Events'
 remote = True
 def do_transform(self, request, response, config):
@@ -161,7 +162,6 @@ class AttributeToEvent(Transform):
 tag_name = get_entity_property(request.entity, 'Temp')
 if not tag_name:
 tag_name = request.entity.value
- # TODO convert this to an index search to be much faster
 events_json = conn.misp.search_index(tags=tag_name)
 for e in events_json:
 response += event_to_entity({'Event': e}, link_direction=LinkDirection.OutputToInput)
diff --git a/src/MISP_maltego/transforms/common/util.py b/src/MISP_maltego/transforms/common/util.py
index c34bb4c..6f81b8c 100644
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@@ -12,8 +12,6 @@ import requests
 import tempfile
 import time
-# FIXME from galaxy 'to MISP Event' is confusing
-
 __version__ = '1.4.4' # also update version in setup.py
 tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']
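Review bot: The new docstring on `SearchInMISP` in attributetoevent.py no longer says what the transform does; it only repeats, word for word, the wildcard hint that the added `description` attribute already carries. Keep the purpose in the docstring, for example `"""Search an attribute or event in MISP; % at the front/end acts as a wildcard."""`, and leave the short hint to `description`. If the transform framework already derives the displayed description from the docstring (not visible here), one of the two strings is redundant and should be dropped. The class body continues outside the hunk.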
@@ -205,15 +203,15 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
 # complement the event tags with the attribute tags.
 if 'Tag' in a and not only_self:
- for t in a['Tag']:
- combined_tags.append(t['name'])
- # ignore all misp-galaxies
- if t['name'].startswith('misp-galaxy'):
- continue
- # ignore all those we add as notes
- if tag_matches_note_prefix(t['name']):
- continue
- yield Hashtag(t['name'], bookmark=Bookmark.Green)
+ for t in a['Tag']:
+ combined_tags.append(t['name'])
+ # ignore all misp-galaxies
+ if t['name'].startswith('misp-galaxy'):
+ continue
+ # ignore all those we add as notes
+ if tag_matches_note_prefix(t['name']):
+ continue
+ yield Hashtag(t['name'], bookmark=Bookmark.Green)
 notes = convert_tags_to_note(combined_tags)
@@ -251,7 +249,7 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
 # not supported in our maltego mapping are not handled
- # LATER : relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
+ # LATER relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
 def object_to_attributes(o, e):
@@ -293,7 +291,7 @@ def get_attribute_in_object(o, attribute_type=False, attribute_value=False, drop
 if drop: # drop the attribute from the object
 o['Attribute'].pop(i)
 break
- # TODO implement substring matching
+ # substring matching
 if substring:
 keyword = attribute_value.strip('%')
 if attribute_value.startswith('%') and attribute_value.endswith('%'):
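Review bot: `combined_tags.append(t['name'])` in the re-indented loop of `attribute_to_entity` (hunk at -205) mutates whatever list `combined_tags` is bound to, while the signature in the hunk header declares the mutable default `event_tags=[]`. If `combined_tags` is the `event_tags` argument itself (its assignment is above the hunk, so this is inferred), attribute tags accumulate in the caller's list or in the shared default across calls. `convert_tags_to_note(combined_tags)` could then attach another attribute's `tlp:` or `PAP:` marking to this entity's note. Binding a copy, `combined_tags = list(event_tags)`, and changing the default to `event_tags=None` would keep each call's tags separate. The function body starts and ends outside the hunk.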