import json
try:
    import pyeti
except ImportError:
    # Reported instead of raised, presumably so the file can still be
    # imported/listed without the dependency. Note that the Yeti class
    # below subclasses pyeti.YetiApi, so without pyeti the module still
    # fails with a NameError at class definition time.
    print("pyeti module not installed.")
# Error payload returned when a request cannot be served. This is a
# module-level *mutable* dict: prefer returning a fresh copy over mutating
# it in place, so one request's error text cannot leak into another.
misperrors = {'error': 'Error'}

# Attribute types this module accepts ('input') and may produce ('output').
mispattributes = {
    'input': ['ip-src', 'ip-dst', 'hostname', 'domain'],
    'output': ['hostname', 'domain', 'ip-src', 'ip-dst', 'url'],
}

# possible module-types: 'expansion', 'hover' or both
moduleinfo = {
    'version': '1',
    'author': 'Sebastien Larinier @sebdraven',
    'description': 'Query on yeti',
    'module-type': ['expansion', 'hover'],
}

# Configuration keys this module expects (by MISP module convention they
# arrive with each request). 'apikey' is a credential for the Yeti
# instance at 'url': never echo the request that carries it to stdout/logs.
moduleconfig = ['apikey', 'url']
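class Yeti(pyeti.YetiApi):
    """Thin wrapper over pyeti.YetiApi exposing the lookups this module needs.

    ``url`` and ``key`` are the module configuration values; ``key`` is a
    credential, so instances of this class must not be printed or logged.
    """

    def __init__(self, url, key):
        """Bind to the Yeti instance at ``url``, authenticating with ``key``.

        NOTE(review): whether pyeti verifies the TLS certificate of ``url``
        is not visible from here — confirm, since the API key is sent over
        this connection.
        """
        super(Yeti, self).__init__(url, key)
        # Yeti observable type -> MISP attribute type.
        self.dict = {'Ip': 'ip-src', 'Domain': 'domain', 'Hostname': 'hostname'}

    def search(self, value):
        """Return the first Yeti observable matching ``value``, or None."""
        matches = self.observable_search(value=value)
        return matches[0] if matches else None

    def get_neighboors(self, obs_id):
        """Yield the observables linked to observable ``obs_id``.

        Fix: the original guarded on an ``objs`` key but then iterated the
        response dict itself, which yields its keys, not the neighbours.
        The neighbours are read from ``response['objs']`` instead.
        """
        response = self.neighbors_observables(obs_id)
        if response and 'objs' in response:
            # assumes response['objs'] is a list of observable dicts — TODO confirm
            for neighbour in response['objs']:
                yield neighbour

    def get_tags(self, value):
        """Yield the tags attached to the observable matching ``value``."""
        obs = self.search(value)
        if obs:
            # An observable carrying no 'tags' key simply has no tags;
            # it should not abort the lookup with a KeyError.
            for tag in obs.get('tags', []):
                yield tag

    def get_entity(self, obs_id):
        """Yield the names of the entities linked to observable ``obs_id``.

        Yield order matches the original: companies, actors, campaigns,
        exploits, exploit kits, indicators.
        """
        lookups = (
            self.observable_to_company,
            self.observable_to_actor,
            self.observable_to_campaign,
            self.observable_to_exploit,
            self.observable_to_exploitkit,
            self.observable_to_indicator,
        )
        for lookup in lookups:
            # A lookup with nothing linked may return None — TODO confirm
            # against pyeti; treating it as empty avoids a TypeError here.
            for entity in lookup(obs_id) or []:
                yield entity['name']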
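def handler(q=False):
    """Module entry point: ``q`` is the request as a JSON string.

    Returns False when called without a request, an error dict when the
    request has no ``attribute``, and otherwise None: the Yeti lookup
    itself is not implemented in this version (the original stub only
    parsed and printed the request).
    """
    if q is False:
        return False
    request = json.loads(q)
    # Deliberately NOT printing the whole request: it carries the module
    # configuration (see ``moduleconfig``), i.e. the Yeti API key, and
    # stdout of the module process typically ends up in logs.
    attribute = request.get('attribute')
    if attribute is None:
        # Fresh dict instead of mutating the shared module-level misperrors.
        return {'error': 'No attribute supplied in the request.'}
    print(attribute)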
def version():
    """Return the module descriptor with its configuration keys attached.

    As in the original, this mutates the module-level ``moduleinfo`` (adds
    the ``config`` entry) and returns that same dict.
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo
def introspection():
    """Return the accepted input and produced output attribute types."""
    supported = mispattributes
    return supported