2016-09-28 15:45:01 +02:00
import json
import base64
misperrors = { ' error ' : ' Error ' }
2018-12-11 15:29:09 +01:00
userConfig = { }
2016-09-28 15:45:01 +02:00
inputSource = [ ' file ' ]
2024-08-12 11:23:10 +02:00
moduleinfo = {
' version ' : ' 0.1 ' ,
' author ' : ' Richard van den Berg ' ,
' description ' : ' Module to import MISP JSON format for merging MISP events. ' ,
' module-type ' : [ ' import ' ] ,
' name ' : ' MISP JSON Import ' ,
' logo ' : ' ' ,
' requirements ' : [ ] ,
' features ' : ' The module simply imports MISP Attributes from an other MISP Event in order to merge events together. There is thus no special feature to make it work. ' ,
' references ' : [ ] ,
' input ' : ' MISP Event ' ,
' output ' : ' MISP Event attributes ' ,
}
2016-09-28 15:45:01 +02:00
moduleconfig = [ ]
def handler ( q = False ) :
if q is False :
return False
r = { ' results ' : [ ] }
request = json . loads ( q )
try :
2018-12-11 15:29:09 +01:00
mfile = base64 . b64decode ( request [ " data " ] ) . decode ( ' utf-8 ' )
misp = json . loads ( mfile )
event = misp [ ' response ' ] [ 0 ] [ ' Event ' ]
for a in event [ " Attribute " ] :
tmp = { }
tmp [ " values " ] = a [ " value " ]
tmp [ " categories " ] = a [ " category " ]
tmp [ " types " ] = a [ " type " ]
tmp [ " to_ids " ] = a [ " to_ids " ]
tmp [ " comment " ] = a [ " comment " ]
if a . get ( " data " ) :
tmp [ " data " ] = a [ " data " ]
r [ ' results ' ] . append ( tmp )
except Exception :
pass
2016-09-28 15:45:01 +02:00
return r
2018-12-11 15:29:09 +01:00
2016-09-28 15:45:01 +02:00
def introspection ( ) :
modulesetup = { }
try :
userConfig
modulesetup [ ' userConfig ' ] = userConfig
except NameError :
pass
try :
inputSource
modulesetup [ ' inputSource ' ] = inputSource
except NameError :
pass
return modulesetup
def version ( ) :
moduleinfo [ ' config ' ] = moduleconfig
return moduleinfo
2018-12-11 15:29:09 +01:00
2016-09-28 15:45:01 +02:00
if __name__ == ' __main__ ' :
x = open ( ' test.json ' , ' r ' )
r = handler ( q = x . read ( ) )
print ( json . dumps ( r ) )
