2019-06-04 03:33:42 +02:00
|
|
|
import os
|
|
|
|
import sys
|
2020-05-30 02:21:20 +02:00
|
|
|
|
2019-06-04 03:33:42 +02:00
|
|
|
sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))
|
2016-11-15 16:43:11 +01:00
|
|
|
|
2019-04-18 14:25:05 +02:00
|
|
|
__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
|
2020-10-24 02:40:31 +02:00
|
|
|
'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi',
|
|
|
|
'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
|
2020-02-13 04:31:41 +01:00
|
|
|
'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
|
2018-12-11 13:30:52 +01:00
|
|
|
'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
|
|
|
|
'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
|
|
|
|
'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator',
|
|
|
|
'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io',
|
2019-04-24 14:01:48 +02:00
|
|
|
'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors',
|
2019-10-18 11:09:10 +02:00
|
|
|
'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich',
|
|
|
|
'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus',
|
2019-12-18 17:11:13 +01:00
|
|
|
'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid',
|
2020-03-18 18:05:57 +01:00
|
|
|
'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
|
2020-05-30 02:21:20 +02:00
|
|
|
'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
|
2021-11-22 21:46:46 +01:00
|
|
|
'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
|
2021-12-26 23:34:00 +01:00
|
|
|
'qintel_qsentry', 'mwdb']
|
2020-07-28 11:47:53 +02:00
|
|
|
|
|
|
|
|
|
|
|
minimum_required_fields = ('type', 'uuid', 'value')
|
|
|
|
|
|
|
|
checking_error = 'containing at least a "type" field and a "value" field'
|
|
|
|
standard_error_message = 'This module requires an "attribute" field as input'
|
|
|
|
|
2020-07-28 15:06:25 +02:00
|
|
|
|
2020-07-28 11:47:53 +02:00
|
|
|
def check_input_attribute(attribute, requirements=minimum_required_fields):
|
2021-12-26 23:34:00 +01:00
|
|
|
return all(feature in attribute for feature in requirements)
|