MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

wip: [stix2 import] Network traffic references parsing function for further reuse

pull/6022/head
chrisr3d 2020-06-09 23:59:46 +02:00
parent 5a4cc6a783
commit bed26bc4d8
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
app/files/scripts/stix2/rework_stix2misp.py
View File

@ -1481,14 +1481,7 @@ class ExternalStixParser(StixParser):
network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic')
attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping')
mapping = 'ip_port_references_mapping'
for feature in ('src', 'dst'):
ref = f'{feature}_ref'
if hasattr(network_traffic, ref):
reference = getattr(network_traffic, ref)
attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature))
if hasattr(network_traffic, f'{ref}s'):
for reference in getattr(network_traffic, f'{ref}s'):
attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature))
attributes.extend(self.parse_network_traffic_references(network_traffic, references, 'network_traffic_references_mapping'))
if references:
for reference in references.values():
attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping'))
@ -1501,6 +1494,18 @@ class ExternalStixParser(StixParser):
else:
self.add_attributes_from_observable(observable.objects, *args)
def parse_network_traffic_references(self, network_traffic, references, mapping):
attributes = []
for feature in ('src', 'dst'):
ref = f'{feature}_ref'
if hasattr(network_traffic, ref):
reference = getattr(network_traffic, ref)
attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature))
if hasattr(network_traffic, f'{ref}s'):
for reference in getattr(network_traffic, f'{ref}s'):
attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature))
return attributes
def parse_mutex_observable(self, observable):
args = ('mutex', 'name')
if len(observable.objects) == 1: