mirror of https://github.com/MISP/PyMISP
Merge pull request #409 from 3c7/bugfix/openioc_datatypes
[OpenIOC] Allow the use of content type for RouteEntryItem/Destinationpull/418/head
commit
7c76d6be39
|
@ -100,7 +100,7 @@ iocMispMapping = {
|
||||||
|
|
||||||
'RouteEntryItem/Destination': {'type': 'ip-dst'},
|
'RouteEntryItem/Destination': {'type': 'ip-dst'},
|
||||||
'RouteEntryItem/Destination/IP': {'type': 'ip-dst', 'comment': 'RouteDestination. '},
|
'RouteEntryItem/Destination/IP': {'type': 'ip-dst', 'comment': 'RouteDestination. '},
|
||||||
'RouteEntryItem/Destination/string': {'type': 'url', 'comment': 'RouteDestination. '},
|
'RouteEntryItem/Destination/string': {'type': 'hostname', 'comment': 'RouteDestination. '},
|
||||||
|
|
||||||
|
|
||||||
'ServiceItem/name': {'type': 'windows-service-name'},
|
'ServiceItem/name': {'type': 'windows-service-name'},
|
||||||
|
@ -218,7 +218,12 @@ def set_values(value1, value2=None):
|
||||||
compositeMapping = '{}|{}'.format(value1.find('context')['search'], value2.find('context')['search'])
|
compositeMapping = '{}|{}'.format(value1.find('context')['search'], value2.find('context')['search'])
|
||||||
mapping = get_mapping(compositeMapping, mappingDict=iocMispCompositeMapping)
|
mapping = get_mapping(compositeMapping, mappingDict=iocMispCompositeMapping)
|
||||||
else:
|
else:
|
||||||
mapping = get_mapping(value1.find('context')['search'])
|
context_search = value1.find('context')['search']
|
||||||
|
content_type = value1.find('content').get('type', None)
|
||||||
|
if "RouteEntryItem/Destination" in context_search and content_type:
|
||||||
|
mapping = get_mapping(context_search + '/' + content_type)
|
||||||
|
else:
|
||||||
|
mapping = get_mapping(context_search)
|
||||||
|
|
||||||
if mapping:
|
if mapping:
|
||||||
attribute_values.update(mapping)
|
attribute_values.update(mapping)
|
||||||
|
|
Loading…
Reference in New Issue