mirror of https://github.com/MISP/MISP-maltego
fix: [cleanup] minor visual improvements
parent
bba7e0baa5
commit
ab9b93ff23
|
@ -16,9 +16,10 @@ __status__ = 'Development'
|
||||||
|
|
||||||
|
|
||||||
class SearchInMISP(Transform):
|
class SearchInMISP(Transform):
|
||||||
"""Search an attribute, event in MISP, allowing the use of % at the front and end"""
|
"""Use % at the front/end for wildcard search"""
|
||||||
input_type = Unknown
|
input_type = Unknown
|
||||||
display_name = 'Search in MISP'
|
display_name = 'Search in MISP'
|
||||||
|
description = "Use % at the front/end for wildcard search"
|
||||||
remote = True
|
remote = True
|
||||||
|
|
||||||
def do_transform(self, request, response, config):
|
def do_transform(self, request, response, config):
|
||||||
|
@ -122,7 +123,7 @@ class SearchInMISP(Transform):
|
||||||
|
|
||||||
class AttributeToEvent(Transform):
|
class AttributeToEvent(Transform):
|
||||||
input_type = Unknown
|
input_type = Unknown
|
||||||
display_name = 'to MISP Event'
|
display_name = 'to MISP Events'
|
||||||
remote = True
|
remote = True
|
||||||
|
|
||||||
def do_transform(self, request, response, config):
|
def do_transform(self, request, response, config):
|
||||||
|
@ -161,7 +162,6 @@ class AttributeToEvent(Transform):
|
||||||
tag_name = get_entity_property(request.entity, 'Temp')
|
tag_name = get_entity_property(request.entity, 'Temp')
|
||||||
if not tag_name:
|
if not tag_name:
|
||||||
tag_name = request.entity.value
|
tag_name = request.entity.value
|
||||||
# TODO convert this to an index search to be much faster
|
|
||||||
events_json = conn.misp.search_index(tags=tag_name)
|
events_json = conn.misp.search_index(tags=tag_name)
|
||||||
for e in events_json:
|
for e in events_json:
|
||||||
response += event_to_entity({'Event': e}, link_direction=LinkDirection.OutputToInput)
|
response += event_to_entity({'Event': e}, link_direction=LinkDirection.OutputToInput)
|
||||||
|
|
|
@ -12,8 +12,6 @@ import requests
|
||||||
import tempfile
|
import tempfile
|
||||||
import time
|
import time
|
||||||
|
|
||||||
# FIXME from galaxy 'to MISP Event' is confusing
|
|
||||||
|
|
||||||
__version__ = '1.4.4' # also update version in setup.py
|
__version__ = '1.4.4' # also update version in setup.py
|
||||||
|
|
||||||
tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']
|
tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']
|
||||||
|
@ -251,7 +249,7 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
|
||||||
|
|
||||||
# not supported in our maltego mapping are not handled
|
# not supported in our maltego mapping are not handled
|
||||||
|
|
||||||
# LATER : relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
|
# LATER relationships from attributes - not yet supported by MISP yet, but there are references in the datamodel
|
||||||
|
|
||||||
|
|
||||||
def object_to_attributes(o, e):
|
def object_to_attributes(o, e):
|
||||||
|
@ -293,7 +291,7 @@ def get_attribute_in_object(o, attribute_type=False, attribute_value=False, drop
|
||||||
if drop: # drop the attribute from the object
|
if drop: # drop the attribute from the object
|
||||||
o['Attribute'].pop(i)
|
o['Attribute'].pop(i)
|
||||||
break
|
break
|
||||||
# TODO implement substring matching
|
# substring matching
|
||||||
if substring:
|
if substring:
|
||||||
keyword = attribute_value.strip('%')
|
keyword = attribute_value.strip('%')
|
||||||
if attribute_value.startswith('%') and attribute_value.endswith('%'):
|
if attribute_value.startswith('%') and attribute_value.endswith('%'):
|
||||||
|
|
Loading…
Reference in New Issue