mirror of https://github.com/MISP/MISP-maltego
chg: [transform] Tag to Event with massive performance boost
parent
3ccde66dab
commit
bba7e0baa5
|
@ -45,7 +45,7 @@ class SearchInMISP(Transform):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
# From galaxy or Hashtag
|
# From galaxy or Hashtag
|
||||||
if 'properties.mispgalaxy' in request.entity.fields or 'properties.temp' in request.entity.fields:
|
if 'properties.mispgalaxy' in request.entity.fields or 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
|
||||||
if request.entity.value == '-':
|
if request.entity.value == '-':
|
||||||
return response
|
return response
|
||||||
# First search in galaxies
|
# First search in galaxies
|
||||||
|
@ -64,7 +64,7 @@ class SearchInMISP(Transform):
|
||||||
response += new_entity
|
response += new_entity
|
||||||
|
|
||||||
# from Hashtag search also in tags
|
# from Hashtag search also in tags
|
||||||
if 'properties.temp' in request.entity.fields:
|
if 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
|
||||||
keyword = get_entity_property(request.entity, 'Temp')
|
keyword = get_entity_property(request.entity, 'Temp')
|
||||||
if not keyword:
|
if not keyword:
|
||||||
keyword = request.entity.value
|
keyword = request.entity.value
|
||||||
|
@ -157,13 +157,14 @@ class AttributeToEvent(Transform):
|
||||||
else:
|
else:
|
||||||
return response
|
return response
|
||||||
# from Hashtag
|
# from Hashtag
|
||||||
elif 'properties.temp' in request.entity.fields:
|
elif 'properties.temp' in request.entity.fields or 'twitter.hashtag' in request.entity.fields:
|
||||||
tag_name = get_entity_property(request.entity, 'Temp')
|
tag_name = get_entity_property(request.entity, 'Temp')
|
||||||
if not tag_name:
|
if not tag_name:
|
||||||
tag_name = request.entity.value
|
tag_name = request.entity.value
|
||||||
events_json = conn.misp.search(controller='events', tags=tag_name, with_attachments=False)
|
# TODO convert this to an index search to be much faster
|
||||||
|
events_json = conn.misp.search_index(tags=tag_name)
|
||||||
for e in events_json:
|
for e in events_json:
|
||||||
response += event_to_entity(e, link_direction=LinkDirection.OutputToInput)
|
response += event_to_entity({'Event': e}, link_direction=LinkDirection.OutputToInput)
|
||||||
return response
|
return response
|
||||||
# standard Entities (normal attributes)
|
# standard Entities (normal attributes)
|
||||||
else:
|
else:
|
||||||
|
|
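Review bot: In the AttributeToEvent hunk the result of `conn.misp.search_index(tags=tag_name)` is iterated without checking its shape. As far as I know PyMISP returns a dict with an `errors` key when the request fails, so the loop would wrap each dict key as `{'Event': e}` and pass it to event_to_entity. A guard before the loop, for example `if isinstance(events_json, dict) and 'errors' in events_json:` followed by reporting the failure to the analyst and returning, would stop an authentication or connectivity failure from surfacing as a traceback or as malformed entities. Index rows also carry fewer fields than full events, so confirm that event_to_entity (not visible here) reads only keys the index provides. The added `# TODO convert this to an index search to be much faster` is already satisfied by the next line and can be dropped; the enclosing method starts and ends outside the hunk.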