MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

added comments

pull/422/head
Jesse Hedden 2020-08-09 20:36:47 -07:00
parent 2d464adfd6
commit 0b576faa68
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
misp_modules/modules/expansion/trustar_enrich.py
View File

@ -99,6 +99,7 @@ class TruSTARParser:
:param metadata: <trustar.Indicator> Indicator metadata report. :param metadata: <trustar.Indicator> Indicator metadata report.
:return: <str> Enrichment report. :return: <str> Enrichment report.
""" """
# Preserve order of fields as they exist in SUMMARY_FIELDS and METADATA_FIELDS
enrichment_report = OrderedDict() enrichment_report = OrderedDict()
if summary: if summary:
@ -147,11 +148,13 @@ class TruSTARParser:
trustar_obj.add_attribute("REPORT_LINK", attribute_type="link", value=report_link) trustar_obj.add_attribute("REPORT_LINK", attribute_type="link", value=report_link)
self.misp_event.add_object(**trustar_obj) self.misp_event.add_object(**trustar_obj)
elif not tags: elif not tags:
# If enrichment report is empty and there are no tags, nothing to add to attribute
raise Exception("No relevant data found") raise Exception("No relevant data found")
if tags: if tags:
for tag in tags: for tag in tags:
self.misp_event.add_attribute_tag(tag, indicator) self.misp_event.add_attribute_tag(tag, indicator)
except Exception as e: except Exception as e:
misperrors['error'] += f" -- Error enriching attribute {indicator} -- {e}" misperrors['error'] += f" -- Error enriching attribute {indicator} -- {e}"
raise e raise e
@ -177,18 +180,18 @@ def handler(q=False):
attribute = request['attribute'] attribute = request['attribute']
trustar_parser = TruSTARParser(attribute, config) trustar_parser = TruSTARParser(attribute, config)
metadata = None
summary = None
try: try:
metadata = trustar_parser.ts_client.get_indicators_metadata([Indicator(value=attribute['value'])])[0] metadata = trustar_parser.ts_client.get_indicators_metadata([Indicator(value=attribute['value'])])[0]
except Exception as e: except Exception as e:
metadata = None
misperrors['error'] += f" -- Could not retrieve indicator metadata from TruSTAR {e}" misperrors['error'] += f" -- Could not retrieve indicator metadata from TruSTAR {e}"
try: try:
summary = list( summary = list(
trustar_parser.ts_client.get_indicator_summaries([attribute['value']], page_size=MAX_PAGE_SIZE))[0] trustar_parser.ts_client.get_indicator_summaries([attribute['value']], page_size=MAX_PAGE_SIZE))[0]
except Exception as e: except Exception as e:
summary = None
misperrors['error'] += f" -- Unable to retrieve TruSTAR summary data: {e}" misperrors['error'] += f" -- Unable to retrieve TruSTAR summary data: {e}"
try: try: