diff --git a/.gitignore b/.gitignore
index e4adeb2..323f87a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,7 @@ docs/export_mod*
 site*
 #pycharm env
-.idea/*
\ No newline at end of file
+.idea/*
+
+#venv
+venv*
\ No newline at end of file
diff --git a/misp_modules/modules/expansion/yeti.py b/misp_modules/modules/expansion/yeti.py
index 863bcd9..8991aa5 100644
--- a/misp_modules/modules/expansion/yeti.py
+++ b/misp_modules/modules/expansion/yeti.py
@@ -17,23 +17,54 @@ moduleinfo = {'version': '1', 'author': 'Sebastien Larinier @sebdraven',
 moduleconfig = ['apikey', 'url']
-class Yeti:
+class Yeti(pyeti.YetiApi):
 def __init__(self, url, key):
- self.api = pyeti.YetiApi(url, api_key=key)
+ super(Yeti, self).__init__(url, key)
 self.dict = {'Ip': 'ip-src', 'Domain': 'domain', 'Hostname': 'hostname'}
 def search(self, value):
- obs = self.api.observable_search(value=value)
+ obs = self.observable_search(value=value)
 if obs:
- return obs
+ return obs[0]
+ def get_neighboors(self, obs_id):
+ neighboors = self.neighbors_observables(obs_id)
+ if neighboors and 'objs' in neighboors:
+ for n in neighboors:
+ yield n
+
+ def get_tags(self, value):
+ obs = self.search(value)
+ if obs:
+ for t in obs['tags']:
+ yield t
+
+ def get_entity(self, obs_id):
+ companies = self.observable_to_company(obs_id)
+ actors = self.observable_to_actor(obs_id)
+ campaigns = self.observable_to_campaign(obs_id)
+ exploit_kit = self.observable_to_exploitkit(obs_id)
+ exploit = self.observable_to_exploit(obs_id)
+ ind = self.observable_to_indicator(obs_id)
+
+ res = []
+ res.extend(companies)
+ res.extend(actors)
+ res.extend(campaigns)
+ res.extend(exploit)
+ res.extend(exploit_kit)
+ res.extend(ind)
+
+ for r in res:
+ yield r['name']
 def handler(q=False):
 if q is False:
 return False
 request = json.loads(q)
 attribute = request['attribute']
+ print(attribute)
 def version():
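Review bot: In `Yeti.__init__` the API key is now passed positionally, `super(Yeti, self).__init__(url, key)`, whereas the removed line bound it by name with `api_key=key`; unless `api_key` happens to be the second positional parameter of `pyeti.YetiApi.__init__`, the key lands in a different argument and requests may go out unauthenticated or with the secret in the wrong field, so keep the keyword: `super(Yeti, self).__init__(url, api_key=key)`. In `get_neighboors` the guard tests `'objs' in neighboors` but the loop then iterates `neighboors` itself, which for a dict yields its keys rather than the neighbour objects; `for n in neighboors['objs']:` looks like what was intended. `get_entity` feeds every `observable_to_*` result straight into `res.extend(...)`, so a single lookup that returns None would raise TypeError and abort the whole enrichment (inferred, the return contract of those calls is not visible in this hunk); `res.extend(companies or [])` and likewise for the others would tolerate that. The added `print(attribute)` in `handler` writes every queried attribute value to the module server's stdout, and `handler` as shown ends there and returns None; drop the print or move it to a logger at debug level.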