misp-modules/misp_modules/modules/export_mod/liteexport.py

89 lines
2.5 KiB
Python
Raw Normal View History

2017-02-21 16:48:09 +01:00
import json
import base64
misperrors = {'error': 'Error'}
2018-12-11 15:29:09 +01:00
moduleinfo = {'version': '1',
'author': 'TM',
'description': 'export lite',
'module-type': ['export']}
2017-02-21 16:48:09 +01:00
2017-04-21 15:53:48 +02:00
moduleconfig = ["indent_json_export"]
2017-02-21 16:48:09 +01:00
mispattributes = {}
outputFileExtension = "json"
responseType = "application/json"
2018-12-11 15:29:09 +01:00
2017-02-21 16:48:09 +01:00
def handler(q=False):
2018-12-11 15:29:09 +01:00
if q is False:
return False
request = json.loads(q)
config = {}
if "config" in request:
config = request["config"]
else:
config = {"indent_json_export": None}
if config['indent_json_export'] is not None:
try:
config['indent_json_export'] = int(config['indent_json_export'])
except Exception:
config['indent_json_export'] = None
if 'data' not in request:
return False
# ~ Misp json structur
liteEvent = {'Event': {}}
for evt in request['data']:
rawEvent = evt['Event']
liteEvent['Event']['info'] = rawEvent['info']
liteEvent['Event']['Attribute'] = []
attrs = evt['Attribute']
for attr in attrs:
if 'Internal reference' not in attr['category']:
liteAttr = {}
liteAttr['category'] = attr['category']
liteAttr['type'] = attr['type']
liteAttr['value'] = attr['value']
liteEvent['Event']['Attribute'].append(liteAttr)
return {'response': [],
'data': str(base64.b64encode(bytes(
json.dumps(liteEvent, indent=config['indent_json_export']), 'utf-8')), 'utf-8')}
2017-02-21 16:48:09 +01:00
def introspection():
2018-12-11 15:29:09 +01:00
modulesetup = {}
try:
responseType
modulesetup['responseType'] = responseType
except NameError:
pass
try:
userConfig
modulesetup['userConfig'] = userConfig
except NameError:
pass
try:
outputFileExtension
modulesetup['outputFileExtension'] = outputFileExtension
except NameError:
pass
try:
inputSource
modulesetup['inputSource'] = inputSource
except NameError:
pass
return modulesetup
2017-02-21 16:48:09 +01:00
def version():
2018-12-11 15:29:09 +01:00
moduleinfo['config'] = moduleconfig
return moduleinfo