mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
952e468013
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
||||||
Subproject commit 64d7c9a24ad9d3a7ccc1b96fb643c235d2b9e02e
|
Subproject commit 0faa75824f4dbac2b14919bb17e9d0fef79026d7
|
|
@ -1 +1 @@
|
||||||
Subproject commit d2e1681eb8ec75e6c2819fa113834843fed6995a
|
Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3
|
|
@ -1 +1 @@
|
||||||
Subproject commit e37f320df5a6ba4d9c67662a3670b160e9941bcf
|
Subproject commit c7104e8819d6b789b24a45655aa28625a8c4c346
|
|
@ -1 +1 @@
|
||||||
Subproject commit 7ef9a2ba56efc6553a720d6df27c9ee547e24242
|
Subproject commit 3b5451c32518da3e29c575e868d245f27c18dcf4
|
|
@ -24,7 +24,7 @@ import io
|
||||||
import re
|
import re
|
||||||
import stix2
|
import stix2
|
||||||
from stix2misp_mapping import *
|
from stix2misp_mapping import *
|
||||||
from collections import defaultdict, OrderedDict
|
from collections import defaultdict
|
||||||
|
|
||||||
_MISP_dir = "/".join([p for p in os.path.dirname(os.path.realpath(__file__)).split('/')[:-4]])
|
_MISP_dir = "/".join([p for p in os.path.dirname(os.path.realpath(__file__)).split('/')[:-4]])
|
||||||
_PyMISP_dir = '{_MISP_dir}/PyMISP'.format(_MISP_dir=_MISP_dir)
|
_PyMISP_dir = '{_MISP_dir}/PyMISP'.format(_MISP_dir=_MISP_dir)
|
||||||
|
@ -107,7 +107,7 @@ class StixParser():
|
||||||
try:
|
try:
|
||||||
self.report[parsed_object['id'].split('--')[1]] = parsed_object
|
self.report[parsed_object['id'].split('--')[1]] = parsed_object
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
self.report = OrderedDict({parsed_object['id'].split('--')[1]: parsed_object})
|
self.report = {parsed_object['id'].split('--')[1]: parsed_object}
|
||||||
|
|
||||||
def _load_usual_object(self, parsed_object):
|
def _load_usual_object(self, parsed_object):
|
||||||
self.event[parsed_object._type][parsed_object['id'].split('--')[1]] = parsed_object
|
self.event[parsed_object._type][parsed_object['id'].split('--')[1]] = parsed_object
|
||||||
|
@ -128,23 +128,14 @@ class StixParser():
|
||||||
except PyMISPInvalidFormat:
|
except PyMISPInvalidFormat:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
def _set_info_from_report(self, report_attributes):
|
|
||||||
if report_attributes['name'] is None:
|
|
||||||
self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, os.path.basename(self.filename))
|
|
||||||
else:
|
|
||||||
self.misp_event.info = report_attributes['name']
|
|
||||||
|
|
||||||
def build_from_STIX_with_report(self):
|
def build_from_STIX_with_report(self):
|
||||||
report_attributes = defaultdict(set)
|
report_attributes = defaultdict(set)
|
||||||
report_attributes['name'] = None
|
|
||||||
|
|
||||||
for ruuid, report in self.report.items():
|
for ruuid, report in self.report.items():
|
||||||
try:
|
try:
|
||||||
report_attributes['orgs'].add(report.created_by_ref.split('--')[1])
|
report_attributes['orgs'].add(report.created_by_ref.split('--')[1])
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
pass
|
pass
|
||||||
if report_attributes['name'] is None:
|
report_attributes['name'].add(report.name)
|
||||||
report_attributes['name'] = report.name
|
|
||||||
if report.get('published'):
|
if report.get('published'):
|
||||||
report_attributes['published'].add(report.published)
|
report_attributes['published'].add(report.published)
|
||||||
if 'labels' in report:
|
if 'labels' in report:
|
||||||
|
@ -164,7 +155,10 @@ class StixParser():
|
||||||
self.misp_event['Org'] = {'name': identity['name']}
|
self.misp_event['Org'] = {'name': identity['name']}
|
||||||
if len(report_attributes['published']) == 1:
|
if len(report_attributes['published']) == 1:
|
||||||
self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop())
|
self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop())
|
||||||
self._set_info_from_report(report_attributes)
|
if len(report_attributes['name']) == 1:
|
||||||
|
self.misp_event.info = report_attributes['name'].pop()
|
||||||
|
else:
|
||||||
|
self.misp_event.info = "Imported with MISP import script for {}.".format(self.stix_version)
|
||||||
for l in report_attributes['labels']:
|
for l in report_attributes['labels']:
|
||||||
self.misp_event.add_tag(l)
|
self.misp_event.add_tag(l)
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 0edcb08fa618f15b51a2bbf0eae6b89c5f603ded
|
Subproject commit 8c4e2a8e8b4d3ec287c43dcae129123fcde8cb2f
|
|
@ -1 +1 @@
|
||||||
Subproject commit 192d112728f3cab83570a0ad4f6f296e073cf738
|
Subproject commit 28687d90d575332776480cd5d683361e7485033c
|
|
@ -1 +1 @@
|
||||||
Subproject commit 77ca5ae2f9742652cd90a53f1b83308a8343f2cc
|
Subproject commit e4f08557ec93c589a71a6e4060134661f1c4b2c0
|
Loading…
Reference in New Issue