Fixes to the openIOC import tool

- should handle nested OR branches better now
- domain now mapped to Network/DNS
pull/217/head
iglocska 2013-07-30 11:01:16 +02:00
parent 21b2e0e540
commit 64f32389e9
1 changed files with 12 additions and 10 deletions


@ -83,9 +83,10 @@ class IOCImportComponent extends Component {
$oldTree = $tree;
// Let's start analysing and altering the tree so that we can keep as much data as possible
$tree = $this->__traverseAndAnalyse($tree);
$tree = $this->__resolveBranch($tree, $tree['uuid'], 'OR', $tree['leaves']);
$tree = $this->__resolveBranch($tree, $tree['uuid'], 'OR', $tree['leaves'], true);
$attributes = null;
if (isset($tree['branches'][0]['leaves'])) $attributes = $tree['branches'][0]['leaves'];
if (isset($tree['leaves'])) $attributes = $tree['leaves'];
unset ($tree['branches'], $tree['leaves'], $tree['type']);
// set the basic info the event in case we want to populate the uuid, info and date fields
$event = $tree;
@ -240,7 +241,7 @@ class IOCImportComponent extends Component {
case 'RouteEntryItem/Destination':
return array('Network activity', 'ip-dst');
break;
case 'SystemInfoItem/domain':
case 'Network/DNS':
return array('Network activity', 'domain');
break;
case 'Email/To':
@ -312,7 +313,7 @@ class IOCImportComponent extends Component {
}
}
private function __resolveBranch($branch, $uuid, $type, &$leaves) {
private function __resolveBranch($branch, $uuid, $type, &$leaves, $root = false) {
$toBeOmitted = $branch;
$toReindex = false;
// Resolve any deeper branching before we attempt to resolve this, as we might be able to turn it into a single attribute
@ -383,13 +384,6 @@ class IOCImportComponent extends Component {
}
}
}
// Check if resolving the AND lead to an OR nested within
if (($branch['type'] == 'OR') && count($branch['branches']) == 0 && count($branch['leaves']) != 0) {
$this->tempLeaves = $branch['leaves'];
$this->saved_uuids[] = $uuid;
return 'getFromTemp';
}
}
@ -408,6 +402,14 @@ class IOCImportComponent extends Component {
$branch['leaves'] = array();
}
if (($branch['type'] == 'OR') && count($branch['branches']) == 0 && count($branch['leaves']) != 0) {
if (!$root) {
$this->tempLeaves = $branch['leaves'];
$this->saved_uuids[] = $uuid;
return 'getFromTemp';
}
}
// If we have no branches and no leaves left after all of this, return nothing and unset this branch
if ((!isset($branch['leaves']) || count($branch['leaves']) == 0) && count($branch['branches']) == 0 && !isset($branch['long_info'])) {
return;