import os
import sys
# Make the shared `lib` directory importable: take the symlink-resolved path of
# this file, drop its last three components, and add `<that>/lib` to sys.path.
# The entry is appended, so earlier sys.path entries win on a name clash.
# NOTE(review): every file in that directory becomes importable by this
# process; presumably it should be writable only by the deploying account - confirm.
sys.path.append('/'.join(os.path.realpath(__file__).split('/')[:-3]) + '/lib')
# Names exported by a star-import of this package.
# NOTE(review): presumably one entry per module file in this package - confirm.
# NOTE(review): names ending in `_submit` / `_upload` suggest modules that send
# samples or indicators to external services; verify which ones a deployment
# enables before exposing them to users.
__all__ = [
    'cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
    'cluster25_expand', 'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools',
    'eupi', 'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
    'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
    'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
    'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
    'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator',
    'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io',
    'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors',
    'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich',
    'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus',
    'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid',
    'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
    'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
    'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive_ssh',
    'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
    'clamav', 'jinja_template_rendering', 'hyasinsight', 'variotdbs', 'crowdsec',
    'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio', 'stairwell',
    'google_threat_intelligence', 'vulnerability_lookup', 'vysion', 'mcafee_insights_enrich',
    'threatfox', 'yeti', 'abuseipdb', 'vmware_nsx', 'sigmf_expand', 'google_safe_browsing',
    'google_search', 'triage_submit', 'virustotal_upload', 'malshare_upload',
]
# Keys an input attribute must contain by default; used as the default
# `requirements` argument of check_input_attribute().
minimum_required_fields = (
    'type',
    'uuid',
    'value',
)
# Message fragment describing what a valid attribute must contain.
# NOTE(review): the default requirement tuple also lists 'uuid', which this
# text does not mention - confirm that callers using this fragment pass their
# own `requirements`.
checking_error = (
    'containing at least a "type" field and a "value" field'
)
# Error text for input that carries no "attribute" field.
standard_error_message = (
    'This module requires an "attribute" field as input'
)
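def check_input_attribute(attribute, requirements=minimum_required_fields):
    """Return True when *attribute* is a mapping that has every required key.

    Args:
        attribute: The attribute taken from the module input; expected to be
            a mapping keyed by field name.
        requirements: Iterable of keys that must all be present. Defaults to
            ``minimum_required_fields``.

    Returns:
        bool: True if every entry of *requirements* is a key of *attribute*;
        False if any is missing or *attribute* is not a mapping.
    """
    from collections.abc import Mapping

    # `in` on a str is a substring test and on None raises TypeError, so a
    # malformed input could pass this gate or crash it. Only a mapping can
    # satisfy a key-presence check.
    if not isinstance(attribute, Mapping):
        return False
    return all(feature in attribute for feature in requirements)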