mirror of https://github.com/MISP/misp-modules
add reverse infos
parent
a24b529868
commit
0d120af647
|
@ -158,7 +158,29 @@ def expand_datascan(api, misperror,**kwargs):
|
||||||
def expand_reverse(api, ip, misperror):
|
def expand_reverse(api, ip, misperror):
|
||||||
status_ok = False
|
status_ok = False
|
||||||
r = None
|
r = None
|
||||||
|
status_ok = False
|
||||||
|
r = []
|
||||||
|
results = api.forward(ip)
|
||||||
|
|
||||||
|
domains_reverse = []
|
||||||
|
|
||||||
|
domains = []
|
||||||
|
if results['status'] == 'ok':
|
||||||
|
status_ok = True
|
||||||
|
|
||||||
|
for elem in results['results']:
|
||||||
|
domains_reverse.append(elem['forward'])
|
||||||
|
domains.append(elem['domain'])
|
||||||
|
|
||||||
|
r.append({'types': ['domain'],
|
||||||
|
'values': list(set(domains)),
|
||||||
|
'categories': ['Network activity'],
|
||||||
|
'comment': 'Domains of %s from forward service of Onyphe' % ip})
|
||||||
|
|
||||||
|
r.append({'types': ['domain'],
|
||||||
|
'values': list(set(domains_reverse)),
|
||||||
|
'categories': ['Network activity'],
|
||||||
|
'comment': 'Reverse Domains of %s from forward service of Onyphe' % ip})
|
||||||
return r, status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
|
|
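Review bot: `expand_reverse` calls `api.forward(ip)`, reads `elem['forward']`, and both attribute comments say "from forward service of Onyphe", so the added body looks copied from the forward expansion and would present forward-lookup data as reverse results. If the reverse lookup is what is meant, the call would presumably be `results = api.reverse(ip)` with the matching record field and comment text; please confirm against the client library. The added `status_ok = False` and `r = []` repeat the two initialisations directly above them, which leaves `r = None` dead. Because `results` comes from an external service, `elem['forward']` and `elem['domain']` raise `KeyError` on any record missing a field. Using `elem.get(...)` and skipping missing values would stop one malformed record from aborting the enrichment, and each `r.append` could be guarded so no attribute with an empty `values` list is returned.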