From 023c35f5d85ed9c094a0ee0efb67e0241691bc45 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Thu, 14 Jun 2018 16:47:11 +0200
Subject: [PATCH] add onyphe full module and code the stub
---
 misp_modules/modules/expansion/onyphe_full.py | 126 ++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100644 misp_modules/modules/expansion/onyphe_full.py
diff --git a/misp_modules/modules/expansion/onyphe_full.py b/misp_modules/modules/expansion/onyphe_full.py
new file mode 100644
index 00000000..1b121a96
--- /dev/null
+++ b/misp_modules/modules/expansion/onyphe_full.py
@@ -0,0 +1,126 @@
+import json
+# -*- coding: utf-8 -*-
+
+import json
+try:
+ from onyphe import Onyphe
+except ImportError:
+ print("pyonyphe module not installed.")
+
+misperrors = {'error': 'Error'}
+
+mispattributes = {'input': ['ip-src', 'ip-dst', 'hostname', 'domain'], 'output': ['hostname', 'domain', 'ip-src', 'ip-dst','url']}
+# possible module-types: 'expansion', 'hover' or both
+moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
+ 'description': 'Query on Onyphe',
+ 'module-type': ['expansion', 'hover']}
+
+# config fields that your code expects from the site admin
+moduleconfig = ['apikey']
+
+
+def handler(q=False):
+ if q:
+
+ request = json.loads(q)
+
+ if not request.get('config') and not (request['config'].get('apikey')):
+ misperrors['error'] = 'Onyphe authentication is missing'
+ return misperrors
+
+ api = Onyphe(request['config'].get('apikey'))
+
+ if not api:
+ misperrors['error'] = 'Onyphe Error instance api'
+
+ ip = ''
+ if request.get('ip-src'):
+ ip = request['ip-src']
+ return handle_ip(api ,ip, misperrors)
+ elif request.get('ip-dst'):
+ ip = request['ip-dst']
+ return handle_ip(api,ip,misperrors)
+ elif request.get('domain'):
+ domain = request['domain']
+ elif request.get('hostname'):
+ hostname = request['hostname']
+ else:
+ misperrors['error'] = "Unsupported attributes type"
+ return misperrors
+
+
+ else:
+ return False
+
+
+def handle_domain(api, domain, misperrors):
+ pass
+
+def handle_ip(api, ip, misperrors):
+ result_filtered = {"results": []}
+
+ r,status_ok = expand_syscan(api,ip,misperrors)
+
+ if status_ok:
+ result_filtered['results'].append(r)
+ else:
+ return r
+
+ r, status_ok = expand_datascan(api,misperrors, ip=ip)
+
+ if status_ok:
+ result_filtered['results'].append(r)
+ else:
+ return r
+
+ r, status_ok = expand_forward(api, ip,misperrors)
+
+ if status_ok:
+ result_filtered['results'].append(r)
+ else:
+ return r
+
+ r, status_ok = expand_reverse(api, ip,misperrors)
+
+ if status_ok:
+ result_filtered['results'].append(r)
+ else:
+ return r
+
+ return result_filtered
+
+
+def expand_syscan(api, ip, misperror):
+ status_ok = False
+ r = None
+
+ return r,status_ok
+
+
+def expand_datascan(api, misperror,**kwargs):
+ status_ok = False
+ r = None
+
+ return r,status_ok
+
+
+def expand_reverse(api, ip, misperror):
+ status_ok = False
+ r = None
+
+ return r,status_ok
+
+
+def expand_forward(api, ip, misperror):
+ status_ok = False
+ r = None
+
+ return r,status_ok
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
\ No newline at end of file
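Review bot: The credential guard in handler() cannot work as written: `if not request.get('config') and not (request['config'].get('apikey'))` raises KeyError when `config` is absent (the second operand indexes the missing key) and lets a request through when `config` is present but `apikey` is empty, because the `and` needs both halves to be true. It should read `if not request.get('config') or not request['config'].get('apikey'):` so a missing key is reported through `misperrors` instead of surfacing as a traceback or reaching `Onyphe()` with `None`. Two smaller points in the same function: the `if not api:` branch sets `misperrors['error']` but never returns it, and the `domain`/`hostname` branches only assign a local and then fall off the end, so handler() returns None for those attribute types while `handle_domain()` is never called. The new file also imports json twice (lines 1 and 4 of the file); dropping the first one puts the coding cookie on line 1 where readers expect it.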