fix: [tags] tags as notes for events - see issue #4

2019-02-07 14:03:30 +01:00 · 2019-02-07 14:03:30 +01:00 · d9ddb08387
parent 0015cbb7f7
commit d9ddb08387
2 changed files with 15 additions and 1 deletions
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@ -154,6 +154,9 @@ def attribute_to_entity(a, link_label=None, event_tags=None):
                # ignore all misp-galaxies
                if t['name'].startswith('misp-galaxy'):
                    continue
+                # ignore all those we add as notes
+                if tag_matches_note_prefix(t['name']):
+                    continue
                yield Hashtag(t['name'])

    notes = convert_tags_to_note(combined_tags)
@ -309,6 +312,13 @@ def convert_tags_to_note(tags):
    return '\n'.join(notes)


+def tag_matches_note_prefix(tag):
+    for tag_note_prefix in tag_note_prefixes:
+        if tag.startswith(tag_note_prefix):
+            return True
+    return False
+
+
 def event_to_entity(e, link_style=LinkStyle.Normal):
    tags = []
    if 'Tag' in e['Event']:
--- a/src/MISP_maltego/transforms/eventtoattributes.py
+++ b/src/MISP_maltego/transforms/eventtoattributes.py
@ -2,7 +2,7 @@ from canari.maltego.entities import Hashtag
 from canari.maltego.transform import Transform
 # from canari.framework import EnableDebugWindow
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject
-from MISP_maltego.transforms.common.util import get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes
+from MISP_maltego.transforms.common.util import get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes, tag_matches_note_prefix
 from canari.maltego.message import LinkStyle

 import json
@ -33,6 +33,7 @@ class EventToAttributes(Transform):
        if not event_json.get('Event'):
            return response

+        response += event_to_entity(event_json)
        event_tags = []
        if 'Tag' in event_json['Event']:
            for t in event_json['Event']['Tag']:
@ -40,6 +41,9 @@ class EventToAttributes(Transform):
                # ignore all misp-galaxies
                if t['name'].startswith('misp-galaxy'):
                    continue
+                # ignore all those we add as notes
+                if tag_matches_note_prefix(t['name']):
+                    continue
                response += Hashtag(t['name'])
        for g in event_json['Event']['Galaxy']:
            for c in g['GalaxyCluster']: