From f73b961330f96b65b85bb7de7ff6af80724a12b6 Mon Sep 17 00:00:00 2001
From: "Dermott, Scott"
Date: Thu, 7 Apr 2022 14:44:22 +0100
Subject: [PATCH 1/2] * Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable`
---
 misp_modules/modules/expansion/joesandbox_query.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misp_modules/modules/expansion/joesandbox_query.py b/misp_modules/modules/expansion/joesandbox_query.py
index f90d5db..e303512 100644
--- a/misp_modules/modules/expansion/joesandbox_query.py
+++ b/misp_modules/modules/expansion/joesandbox_query.py
@@ -21,7 +21,7 @@ def handler(q=False):
 apiurl = request['config'].get('apiurl') or 'https://jbxcloud.joesecurity.org/api'
 apikey = request['config'].get('apikey')
 parser_config = {
- "import_pe": request["config"].get('import_executable', "false") == "true",
+ "import_executable": request["config"].get('import_executable', "false") == "true",
 "mitre_attack": request["config"].get('import_mitre_attack', "false") == "true",
 }

From 7f5174efd5ba74aea4560b8260cdd7d0a64fae57 Mon Sep 17 00:00:00 2001
From: "Dermott, Scott"
Date: Thu, 7 Apr 2022 15:10:15 +0100
Subject: [PATCH 2/2] * Fix if network_behavior_field doesn't exist in packet
---
 misp_modules/lib/joe_parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misp_modules/lib/joe_parser.py b/misp_modules/lib/joe_parser.py
index 8ae57a9..e701ff3 100644
--- a/misp_modules/lib/joe_parser.py
+++ b/misp_modules/lib/joe_parser.py
@@ -111,7 +111,7 @@ class JoeParser():
 if network.get(protocol):
 for packet in network[protocol]['packet']:
 timestamp = datetime.strptime(self.parse_timestamp(packet['timestamp']), '%b %d, %Y %H:%M:%S.%f')
- connections[tuple(packet[field] for field in network_behavior_fields)][protocol].add(timestamp)
+ connections[tuple(packet.get(field) for field in network_behavior_fields)][protocol].add(timestamp)
 for connection, data in connections.items():
 attributes = self.prefetch_attributes_data(connection)
 if len(data.keys()) == len(set(protocols[protocol] for protocol in data.keys())):
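Review bot: Switching to `packet.get(field)` stops the KeyError, but a packet missing a field now contributes `None` to the `connections` key, and that tuple is handed unchanged to `self.prefetch_attributes_data(connection)` a few lines below. That helper is not shown in this hunk; unless it drops `None` entries, the resulting network attributes could carry empty address or port values, and packets that differ only in the missing field collapse into one connection. Consider building the key first and skipping incomplete packets, `key = tuple(packet.get(field) for field in network_behavior_fields)` then `if None in key: continue`, or filtering `None` inside the helper if partial connections are wanted. `packet['timestamp']` and `network[protocol]['packet']` on the preceding lines are still indexed directly and will raise on the same kind of truncated report. The enclosing method starts and ends outside the hunk.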