MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Update yeti.py 

add related observable and AS
pull/488/head
Sebdraven 2021-04-19 17:10:47 +02:00
parent 5e6aec4162
commit 21b52dda15
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
misp_modules/modules/expansion/yeti.py
View File

@ -1,11 +1,12 @@
import json
import logging
try:
import pyeti
except ImportError:
print("pyeti module not installed.")
from pymisp import MISPEvent, MISPObject
from pymisp import MISPEvent, MISPObject, MISPAttribute
misperrors = {'error': 'Error'}
@ -23,7 +24,8 @@ moduleconfig = ['apikey', 'url']
class Yeti():
def __init__(self, url, key,attribute):
self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url'}
self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url',
'AutonomousSystem': 'AS'}
self.yeti_client = pyeti.YetiApi(url=url, api_key=key)
self.attribute = attribute
self.misp_event = MISPEvent()
@ -76,12 +78,27 @@ class Yeti():
object_misp_url = self.__get_object_url(obs_to_add)
if object_misp_url:
self.misp_event.add_object(object_misp_url)
if not object_misp_url and not object_misp_url:
attr = self.__get_attribute(obs_to_add)
if attr:
self.misp_event.add_attribute(attr.type, attr.value, tags=attr.tags)
def get_result(self):
event = json.loads(self.misp_event.to_json())
results = {key: event[key] for key in ('Attribute', 'Object')}
return results
def __get_attribute(self, obs_to_add):
attr = MISPAttribute()
attr.value = obs_to_add['value']
try:
attr.type = self.misp_mapping[obs_to_add['type']]
except KeyError:
logging.error('type not found %s' % obs_to_add['type'])
return
attr.tags.extend([t['name'] for t in obs_to_add['tags']])
return attr
def __get_object_domain_ip(self, obj_to_add):
if (obj_to_add['type'] == 'Ip' and self.attribute['type'] in ['hostname','domain']) or\
(obj_to_add['type'] in ('Hostname', 'Domain') and self.attribute['type'] in ('ip-src', 'ip-dst')):