Add some mapping to openioc, add python version in the user agent

2016-11-03 16:01:48 -04:00 · 2016-11-03 16:01:48 -04:00 · 9f0737c34a
parent 6c5289d495
commit 9f0737c34a
2 changed files with 13 additions and 2 deletions
--- a/pymisp/api.py
+++ b/pymisp/api.py
@ -3,6 +3,7 @@

 """Python API using the REST interface of MISP"""

+import sys
 import json
 import datetime
 import os
@ -136,7 +137,7 @@ class PyMISP(object):
            {'Authorization': self.key,
             'Accept': 'application/{}'.format(output),
             'content-type': 'application/{}'.format(output),
-             'User-Agent': 'PyMISP {}'.format(__version__)})
+             'User-Agent': 'PyMISP {} - Python {}.{}.{}'.format(__version__, *sys.version_info)})
        return session

    def flatten_error_messages(self, response):
--- a/pymisp/tools/openioc.py
+++ b/pymisp/tools/openioc.py
@ -23,14 +23,17 @@ iocMispMapping = {

    'FileItem/Md5sum': {'type': 'md5'},
    'FileItem/Sha1sum': {'type': 'sha1'},
+    'TaskItem/Sha1sum': {'type': 'sha1'},
    'FileItem/Sha256sum': {'type': 'sha256'},
    'FileItem/FileName': {'type': 'filename'},
    'FileItem/FullPath': {'type': 'filename'},
    'FileItem/FilePath': {'type': 'filename'},
+    'DriverItem/DriverName': {'type': 'filename'},

    'Network/URI': {'type': 'uri'},
    'Network/DNS': {'type': 'domain'},
    'Network/String': {'type': 'ip-dst'},
+    'RouteEntryItem/Destination': {'type': 'ip-dst'},
    'Network/UserAgent': {'type': 'user-agent'},

    'PortItem/localIP': {'type': 'ip-dst'},
@ -41,8 +44,16 @@ iocMispMapping = {
    'ProcessItem/Pipe/Name': {'type': 'named pipe'},
    'ProcessItem/Mutex/Name': {'type': 'mutex', 'comment': 'MutexName.'},

+    'CookieHistoryItem/HostName': {'type': 'hostname'},
+    'FormHistoryItem/HostName': {'type': 'hostname'},
+    'SystemInfoItem/HostName': {'type': 'hostname'},
+    'UrlHistoryItem/HostName': {'type': 'hostname'},
+    'DnsEntryItem/RecordName': {'type': 'hostname'},
+    'DnsEntryItem/Host': {'type': 'hostname'},
+
    # Is it the regkey value?
    # 'RegistryItem/Text': {'type': 'regkey', 'RegistryText. '},
+    'RegistryItem/KeyPath': {'type': 'regkey'},
    'RegistryItem/Path': {'type': 'regkey'},

    'ServiceItem/name': {'type': 'windows-service-name'},
@ -93,7 +104,6 @@ def get_mapping(openioc_type):

 def set_all_attributes(openioc, misp_event):
    for item in openioc.find_all("indicatoritem"):
-        print(item)
        attribute_values = {'comment': ''}
        if item.find('context'):
            mapping = get_mapping(item.find('context')['search'])