fix: Fixed references between domaininfo/ipinfo & their targets

- Fixed references when no target id is set
- Fixed domaininfo parsing when no ip is defined
pull/305/head
chrisr3d 2019-06-03 18:38:58 +10:00
parent 0d40830a7f
commit 07698e5c72
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 22 additions and 13 deletions


@ -241,25 +241,28 @@ class JoeParser():
domaininfo = self.data['domaininfo']
if domaininfo:
for domain in domaininfo['domain']:
if domain['@ip'] != 'unknown':
domain_object = MISPObject('domain-ip')
for key, mapping in domain_object_mapping.items():
attribute_type, object_relation = mapping
domain_object.add_attribute(object_relation, **{'type': attribute_type, 'value': domain[key]})
domain_object.add_attribute(object_relation,
**{'type': attribute_type, 'value': domain[key]})
self.misp_event.add_object(**domain_object)
self.references[self.process_references[(int(domain['@targetid']), domain['@currentpath'])]].append({
'idref': domain_object.uuid,
'relationship': 'contacts'
})
reference = {'idref': domain_object.uuid, 'relationship': 'contacts'}
self.add_process_reference(domain['@targetid'], domain['@currentpath'], reference)
else:
attribute = MISPAttribute()
attribute.from_dict(**{'type': 'domain', 'value': domain['@name']})
reference = {'idref': attribute.uuid, 'relationship': 'contacts'}
self.add_process_reference(domain['@targetid'], domain['@currentpath'], reference)
ipinfo = self.data['ipinfo']
if ipinfo:
for ip in ipinfo['ip']:
attribute = MISPAttribute()
attribute.from_dict(**{'type': 'ip-dst', 'value': ip['@ip']})
self.misp_event.add_attribute(**attribute)
self.references[self.process_references[(int(ip['@targetid']), ip['@currentpath'])]].append({
'idref': attribute.uuid,
'relationship': 'contacts'
})
reference = {'idref': attribute.uuid, 'relationship': 'contacts'}
self.add_process_reference(ip['@targetid'], ip['@currentpath'], reference)
urlinfo = self.data['urlinfo']
if urlinfo:
for url in urlinfo['url']:
@ -299,6 +302,12 @@ class JoeParser():
self.misp_event.add_object(**registry_key)
self.references[process_uuid].append({'idref': registry_key.uuid, 'relationship': relationship_type})
def add_process_reference(self, target, currentpath, reference):
try:
self.references[self.process_references[(int(target), currentpath)]].append(reference)
except KeyError:
self.references[self.analysisinfo_uuid].append(reference)
def create_attribute(self, attribute_type, attribute_value):
attribute = MISPAttribute()
attribute.from_dict(**{'type': attribute_type, 'value': attribute_value})
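Review bot: In the domaininfo `else` branch (domains whose `@ip` is `'unknown'`), the new `MISPAttribute` is built and its uuid is used as `idref`, but nothing visible adds it to the event, so the process reference would point at a uuid that is not in the event and the domain indicator is lost from the export. The ipinfo loop just below calls `self.misp_event.add_attribute(**attribute)` before creating its reference; the same call looks to be missing here, placed right after `attribute.from_dict(...)`. Separately, `add_process_reference` only catches `KeyError`, so an empty or non-numeric `@targetid` would still raise `ValueError` from `int(target)`, and a missing `@targetid` key raises at the call site before the `try` is entered; if reports can carry such values, `except (KeyError, ValueError, TypeError):` and a `domain.get('@targetid')` lookup would cover the "no target id is set" case the commit message describes. The enclosing parsing method starts and continues outside the hunk, and the diff markers are lost on this page, so this reading assumes the lines shown are the new side.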