Clusters and elements to attach to MISP events or attributes (like threat actors) https://www.misp-project.org/galaxy.html


  1. #!/usr/bin/env python3
  2. # coding=utf-8
  3. """
  4. Tools to find duplicate in galaxies
  5. """
  6. import json
  7. import os
  8. import collections
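def loadjsons(path, return_paths=False):
    """
    Find all JSON files directly inside a directory and parse them.

    Parameters:
        path: string, directory to scan (sub-directories are not visited)
        return_paths: boolean, if the path of each file should be returned
            together with its content, default: False
    Returns:
        List of parsed file contents, ordered by file name.
        If return_paths is True, then every list item is a tuple of the
        file path (``path`` joined with the file name) and the file content.
    Raises:
        OSError: the directory or one of its files cannot be read.
        ValueError: a file is not valid UTF-8 JSON (json.JSONDecodeError and
            UnicodeDecodeError are both subclasses).
    """
    data = []
    # Sorted so the result does not depend on whatever order os.listdir
    # happens to return on the current filesystem.
    for name in sorted(os.listdir(path)):
        filepath = os.path.join(path, name)
        # Only regular files count; a directory named "x.json" is ignored.
        if not (name.endswith('.json') and os.path.isfile(filepath)):
            continue
        # The context manager closes the handle even when parsing fails.
        with open(filepath, encoding='utf-8') as handle:
            # Parse exactly once: the default branch used to pass the already
            # parsed object to json.load a second time, which raised
            # AttributeError because a dict or list has no read() method.
            content = json.load(handle)
        data.append((filepath, content) if return_paths else content)
    return data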
if __name__ == '__main__':
    # Collect every cluster value and each of its synonyms across all
    # galaxies, then report any label that was recorded more than once.
    #
    # Labels are compared after strip() and lower() only, so spellings that
    # differ in inner whitespace, punctuation or Unicode form are treated as
    # distinct and will not be reported. A value that also appears in its own
    # synonym list is counted twice and is therefore reported as well.
    #
    # NOTE(review): "../clusters" is resolved against the current working
    # directory, so the script presumably has to be started from its own
    # folder; confirm against how it is invoked.
    occurrences = collections.defaultdict(list)
    for galaxy in loadjsons("../clusters"):
        cluster_values = galaxy.get('values')
        galaxy_name = galaxy.get('name')
        for cluster in cluster_values:
            label = cluster.get('value').strip().lower()
            occurrences[label].append([label, galaxy_name])
            try:
                for alias in cluster.get('meta').get('synonyms'):
                    label = alias.strip().lower()
                    occurrences[label].append([label, galaxy_name])
            except (AttributeError, TypeError):
                # No 'meta', no 'synonyms', or a synonym that is not a
                # string: the remaining synonyms of this cluster are skipped.
                pass

    # Each hit is printed as [label, galaxy name], in the order it was seen.
    for label, hits in occurrences.items():
        if len(hits) > 1:
            print("Warning duplicate %s" % label)
            for hit in hits:
                print(hit)