2018-03-12 15:22:58 +01:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
import time
|
|
|
|
|
|
|
|
from pymisp.tools.abstractgenerator import AbstractMISPObjectGenerator
|
|
|
|
|
|
|
|
|
|
|
|
class CowrieMISPObject(AbstractMISPObjectGenerator):
|
|
|
|
def __init__(self, dico_val, **kargs):
|
|
|
|
self._dico_val = dico_val
|
|
|
|
self.name = "cowrie"
|
|
|
|
|
|
|
|
# Enforce attribute date with timestamp
|
|
|
|
super(CowrieMISPObject, self).__init__('cowrie',
|
|
|
|
default_attributes_parameters={'timestamp': int(time.time())},
|
|
|
|
**kargs)
|
|
|
|
self.generate_attributes()
|
|
|
|
|
|
|
|
def generate_attributes(self):
|
2018-10-11 10:12:45 +02:00
|
|
|
valid_object_attributes = self._definition['attributes'].keys()
|
2018-03-12 15:22:58 +01:00
|
|
|
for object_relation, value in self._dico_val.items():
|
2018-10-11 10:12:45 +02:00
|
|
|
if object_relation not in valid_object_attributes:
|
2018-03-12 15:22:58 +01:00
|
|
|
continue
|
2018-03-12 15:34:12 +01:00
|
|
|
|
2018-03-12 15:22:58 +01:00
|
|
|
if object_relation == 'timestamp':
|
|
|
|
# Date already in ISO format, removing trailing Z
|
|
|
|
value = value.rstrip('Z')
|
|
|
|
|
|
|
|
if isinstance(value, dict):
|
|
|
|
self.add_attribute(object_relation, **value)
|
|
|
|
else:
|
2018-10-11 10:12:45 +02:00
|
|
|
# uniformize value, sometimes empty array
|
2018-10-12 14:04:54 +02:00
|
|
|
if isinstance(value, list) and len(value) == 0:
|
2018-10-11 10:12:45 +02:00
|
|
|
value = ''
|
2018-03-12 15:22:58 +01:00
|
|
|
self.add_attribute(object_relation, value=value)
|