MISP
/
MISP-maltego
mirror of https://github.com/MISP/MISP-maltego
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [transform] Tag to Event with massive performance boost

pull/40/head
Christophe Vandeplas 2020-05-15 09:15:13 +02:00
parent 3ccde66dab
commit bba7e0baa5
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/MISP_maltego/transforms/attributetoevent.py
View File

@ -45,7 +45,7 @@ class SearchInMISP(Transform):
return response
# From galaxy or Hashtag
if 'properties.mispgalaxy' in request.entity.fields or 'properties.temp' in request.entity.fields:
if 'properties.mispgalaxy' in request.entity.fields or 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
if request.entity.value == '-':
return response
# First search in galaxies
@ -64,7 +64,7 @@ class SearchInMISP(Transform):
response += new_entity
# from Hashtag search also in tags
if 'properties.temp' in request.entity.fields:
if 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
keyword = get_entity_property(request.entity, 'Temp')
if not keyword:
keyword = request.entity.value
@ -157,13 +157,14 @@ class AttributeToEvent(Transform):
else:
return response
# from Hashtag
elif 'properties.temp' in request.entity.fields:
elif 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
tag_name = get_entity_property(request.entity, 'Temp')
if not tag_name:
tag_name = request.entity.value
events_json = conn.misp.search(controller='events', tags=tag_name, with_attachments=False)
# TODO convert this to an index search to be much faster
events_json = conn.misp.search_index(tags=tag_name)
for e in events_json:
response += event_to_entity(e, link_direction=LinkDirection.OutputToInput)
response += event_to_entity({'Event': e}, link_direction=LinkDirection.OutputToInput)
return response
# standard Entities (normal attributes)
else: