From 2e0e63fad60050e163ad0e6aa898e775fab04d84 Mon Sep 17 00:00:00 2001
From: Sebdraven <slarinier@gmail.com>
Date: Mon, 11 Jun 2018 11:25:17 +0200
Subject: [PATCH] add targeting os

---
 misp_modules/modules/expansion/onyphe.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/misp_modules/modules/expansion/onyphe.py b/misp_modules/modules/expansion/onyphe.py
index ea59ea2..30bb179 100644
--- a/misp_modules/modules/expansion/onyphe.py
+++ b/misp_modules/modules/expansion/onyphe.py
@@ -58,16 +58,22 @@ def handle_expansion(api, ip, misperrors):
     result_filtered = {"results": []}
     urls_pasties = []
     asn_list = []
+    os_list = []
     for r in result['results']:
         if r['@category'] == 'pastries':
             if r['@type'] == 'pastebin':
                 urls_pasties.append('https://pastebin.com/raw/%s' % r['key'])
         elif r['@category'] == 'synscan':
             asn_list.append(r['asn'])
+            os_list.append(r['os'])
     result_filtered['results'].append({'types': ['url'], 'values': urls_pasties,
                                        'categories': ['External analysis']})
     result_filtered['results'].append({'types': ['AS'], 'values': list(set(asn_list)),
                                        'categories': ['Network activity']})
+
+    result_filtered['results'].append({'types': ['target-machine'],
+                                       'values': list(set(os_list)),
+                                       'categories': ['Targeting data']})
     return result_filtered