MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Added domain|ip to nids exports

pull/1657/head
Iglocska 2016-11-09 17:08:06 +01:00
parent ccc1038e08
commit 7e75aafc22
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/Lib/Export/NidsExport.php
View File

@ -68,6 +68,9 @@ class NidsExport {
case 'domain':
$this->domainRule($ruleFormat, $item['Attribute'], $sid);
break;
case 'domain|ip':
$this->domainIpRule($ruleFormat, $item['Attribute'], $sid);
break;
case 'hostname':
$this->hostnameRule($ruleFormat, $item['Attribute'], $sid);
break;
@ -86,6 +89,18 @@ class NidsExport {
}
return $this->rules;
}
public function domainIpRule($ruleFormat, $attribute, &$sid) {
$values = explode('|', $attribute['value']);
$attributeCopy = $attribute;
$attributeCopy['value'] = $values[0];
$this->domainRule($ruleFormat, $attributeCopy, $sid);
$sid++;
$attributeCopy['value'] = $values[1];
$this->ipDstRule($ruleFormat, $attributeCopy, $sid);
$sid++;
$this->ipSrcRule($ruleFormat, $attributeCopy, $sid);
}
public function ipDstRule($ruleFormat, $attribute, &$sid) {
$overruled = $this->checkWhitelist($attribute['value']);
@ -397,10 +412,8 @@ class NidsExport {
$extraForRule .= $ruleFormatReference . ';';
}
$tmpRule = preg_replace('/;\s*\)/', '; ' . $extraForRule . ')', $tmpRule);
// finally the rule is cleaned up and can be outputed
$this->rules[] = $tmpRule;
return true;
}