MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #409 from 3c7/bugfix/openioc_datatypes 

[OpenIOC] Allow the use of content type for RouteEntryItem/Destination
pull/418/head
Raphaël Vinot 2019-07-04 10:35:40 +02:00 committed by GitHub
parent cb1f345908 7be58af56a
commit 7c76d6be39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pymisp/tools/openioc.py
View File

@ -100,7 +100,7 @@ iocMispMapping = {
'RouteEntryItem/Destination': {'type': 'ip-dst'},
'RouteEntryItem/Destination/IP': {'type': 'ip-dst', 'comment': 'RouteDestination. '},
'RouteEntryItem/Destination/string': {'type': 'url', 'comment': 'RouteDestination. '},
'RouteEntryItem/Destination/string': {'type': 'hostname', 'comment': 'RouteDestination. '},
'ServiceItem/name': {'type': 'windows-service-name'},
@ -218,7 +218,12 @@ def set_values(value1, value2=None):
compositeMapping = '{}|{}'.format(value1.find('context')['search'], value2.find('context')['search'])
mapping = get_mapping(compositeMapping, mappingDict=iocMispCompositeMapping)
else:
mapping = get_mapping(value1.find('context')['search'])
context_search = value1.find('context')['search']
content_type = value1.find('content').get('type', None)
if "RouteEntryItem/Destination" in context_search and content_type:
mapping = get_mapping(context_search + '/' + content_type)
else:
mapping = get_mapping(context_search)
if mapping:
attribute_values.update(mapping)