From 9f0737c34a965938fc3608bb080a8b83e263a4e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 3 Nov 2016 16:01:48 -0400
Subject: [PATCH] Add some mapping to openioc, add python version in the user agent
---
 pymisp/api.py | 3 ++-
 pymisp/tools/openioc.py | 12 +++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/pymisp/api.py b/pymisp/api.py
index 7566086..113c691 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -3,6 +3,7 @@
 """Python API using the REST interface of MISP"""
+import sys
 import json
 import datetime
 import os
@@ -136,7 +137,7 @@ class PyMISP(object):
 {'Authorization': self.key,
 'Accept': 'application/{}'.format(output),
 'content-type': 'application/{}'.format(output),
- 'User-Agent': 'PyMISP {}'.format(__version__)})
+ 'User-Agent': 'PyMISP {} - Python {}.{}.{}'.format(__version__, *sys.version_info)})
 return session
 def flatten_error_messages(self, response):
diff --git a/pymisp/tools/openioc.py b/pymisp/tools/openioc.py
index 7c89b95..e6be33d 100644
--- a/pymisp/tools/openioc.py
+++ b/pymisp/tools/openioc.py
@@ -23,14 +23,17 @@ iocMispMapping = {
 'FileItem/Md5sum': {'type': 'md5'},
 'FileItem/Sha1sum': {'type': 'sha1'},
+ 'TaskItem/Sha1sum': {'type': 'sha1'},
 'FileItem/Sha256sum': {'type': 'sha256'},
 'FileItem/FileName': {'type': 'filename'},
 'FileItem/FullPath': {'type': 'filename'},
 'FileItem/FilePath': {'type': 'filename'},
+ 'DriverItem/DriverName': {'type': 'filename'},
 'Network/URI': {'type': 'uri'},
 'Network/DNS': {'type': 'domain'},
 'Network/String': {'type': 'ip-dst'},
+ 'RouteEntryItem/Destination': {'type': 'ip-dst'},
 'Network/UserAgent': {'type': 'user-agent'},
 'PortItem/localIP': {'type': 'ip-dst'},
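Review bot: The new `User-Agent` line in the `@@ -136,7 +137,7 @@` hunk of `pymisp/api.py` unpacks all five fields of `sys.version_info` into a template that consumes only three, and it works only because `str.format` ignores surplus positional arguments. Slicing states the intent: `'User-Agent': 'PyMISP {} - Python {}.{}.{}'.format(__version__, *sys.version_info[:3])})`. The header sits in the same dict as `Authorization`, so presumably every request made through this session now tells the server, and any intermediary that logs headers, the exact interpreter patch level; that is usually acceptable for an API client but should be a documented choice. The enclosing method starts above the hunk.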
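Review bot: In the `@@ -23,14 +23,17 @@` hunk of `pymisp/tools/openioc.py`, `'RouteEntryItem/Destination': {'type': 'ip-dst'}` maps a routing-table field to a host indicator, and nothing visible in the hunk checks that the value is a single address. If route destinations in the parsed OpenIOC files can be network prefixes or default routes (likely from the term name, not shown here), they would be imported as `ip-dst` attributes and could cause false positives once the event feeds detection. At minimum keep the provenance the way the `ProcessItem/Mutex/Name` entry further down the same dict does, e.g. `'RouteEntryItem/Destination': {'type': 'ip-dst', 'comment': 'RouteEntryItem destination.'},`; how the `comment` key is consumed lies outside this hunk. `iocMispMapping` starts before and continues after the hunk.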
@@ -41,8 +44,16 @@ iocMispMapping = { 'ProcessItem/Pipe/Name': {'type': 'named pipe'}, 'ProcessItem/Mutex/Name': {'type': 'mutex', 'comment': 'MutexName.'}, + 'CookieHistoryItem/HostName': {'type': 'hostname'}, + 'FormHistoryItem/HostName': {'type': 'hostname'}, + 'SystemInfoItem/HostName': {'type': 'hostname'}, + 'UrlHistoryItem/HostName': {'type': 'hostname'}, + 'DnsEntryItem/RecordName': {'type': 'hostname'}, + 'DnsEntryItem/Host': {'type': 'hostname'}, + # Is it the regkey value? # 'RegistryItem/Text': {'type': 'regkey', 'RegistryText. '}, + 'RegistryItem/KeyPath': {'type': 'regkey'}, 'RegistryItem/Path': {'type': 'regkey'}, 'ServiceItem/name': {'type': 'windows-service-name'}, @@ -93,7 +104,6 @@ def get_mapping(openioc_type): def set_all_attributes(openioc, misp_event): for item in openioc.find_all("indicatoritem"): - print(item) attribute_values = {'comment': ''} if item.find('context'): mapping = get_mapping(item.find('context')['search'])
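Review bot: The six new `hostname` entries in the `@@ -41,8 +44,16 @@` hunk collapse very different sources into one attribute type with no `comment`, so an imported event no longer says whether a name came from browser history, a DNS entry or `SystemInfoItem/HostName`. That last term looks like the name of the examined machine rather than a remote indicator (inferred from the OpenIOC term name, not from this hunk), so it is the one most likely to pollute detection exports. Following the `ProcessItem/Mutex/Name` entry, `'SystemInfoItem/HostName': {'type': 'hostname', 'comment': 'SystemInfoItem hostname.'},` would keep the origin visible to an analyst. `'RegistryItem/KeyPath'` is also added directly beside the open question `# Is it the regkey value?`, which the commit leaves unanswered. The dict starts and ends outside the hunk.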