Merge pull request #564 from scottdermott/main

* Fix for @chrisr3d - [joesandbox_query] Changed the import_pe param to `import_executable`
2022-04-07 23:06:53 +02:00 · 2022-04-07 23:06:53 +02:00 · 12359fdf93
parent 9779a30337 7f5174efd5
commit 12359fdf93
2 changed files with 2 additions and 2 deletions
--- a/misp_modules/lib/joe_parser.py
+++ b/misp_modules/lib/joe_parser.py
@ -111,7 +111,7 @@ class JoeParser():
            if network.get(protocol):
                for packet in network[protocol]['packet']:
                    timestamp = datetime.strptime(self.parse_timestamp(packet['timestamp']), '%b %d, %Y %H:%M:%S.%f')
-                    connections[tuple(packet[field] for field in network_behavior_fields)][protocol].add(timestamp)
+                    connections[tuple(packet.get(field) for field in network_behavior_fields)][protocol].add(timestamp)
        for connection, data in connections.items():
            attributes = self.prefetch_attributes_data(connection)
            if len(data.keys()) == len(set(protocols[protocol] for protocol in data.keys())):
--- a/misp_modules/modules/expansion/joesandbox_query.py
+++ b/misp_modules/modules/expansion/joesandbox_query.py
@ -21,7 +21,7 @@ def handler(q=False):
    apiurl = request['config'].get('apiurl') or 'https://jbxcloud.joesecurity.org/api'
    apikey = request['config'].get('apikey')
    parser_config = {
-        "import_pe": request["config"].get('import_executable', "false") == "true",
+        "import_executable": request["config"].get('import_executable', "false") == "true",
        "mitre_attack": request["config"].get('import_mitre_attack', "false") == "true",
    }