mirror of https://github.com/MISP/misp-modules
add targeting os
parent
7580c63433
commit
2e0e63fad6
|
@ -58,16 +58,22 @@ def handle_expansion(api, ip, misperrors):
|
||||||
result_filtered = {"results": []}
|
result_filtered = {"results": []}
|
||||||
urls_pasties = []
|
urls_pasties = []
|
||||||
asn_list = []
|
asn_list = []
|
||||||
|
os_list = []
|
||||||
for r in result['results']:
|
for r in result['results']:
|
||||||
if r['@category'] == 'pastries':
|
if r['@category'] == 'pastries':
|
||||||
if r['@type'] == 'pastebin':
|
if r['@type'] == 'pastebin':
|
||||||
urls_pasties.append('https://pastebin.com/raw/%s' % r['key'])
|
urls_pasties.append('https://pastebin.com/raw/%s' % r['key'])
|
||||||
elif r['@category'] == 'synscan':
|
elif r['@category'] == 'synscan':
|
||||||
asn_list.append(r['asn'])
|
asn_list.append(r['asn'])
|
||||||
|
os_list.append(r['os'])
|
||||||
result_filtered['results'].append({'types': ['url'], 'values': urls_pasties,
|
result_filtered['results'].append({'types': ['url'], 'values': urls_pasties,
|
||||||
'categories': ['External analysis']})
|
'categories': ['External analysis']})
|
||||||
result_filtered['results'].append({'types': ['AS'], 'values': list(set(asn_list)),
|
result_filtered['results'].append({'types': ['AS'], 'values': list(set(asn_list)),
|
||||||
'categories': ['Network activity']})
|
'categories': ['Network activity']})
|
||||||
|
|
||||||
|
result_filtered['results'].append({'types': ['target-machine'],
|
||||||
|
'values': list(set(os_list)),
|
||||||
|
'categories': ['Targeting data']})
|
||||||
return result_filtered
|
return result_filtered
|
||||||
|
|
||||||
|
|
||||||
|
|
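Review bot: `os_list.append(r['os'])` indexes the API response directly, so a `synscan` record without an `os` key would raise KeyError and abort the whole expansion, and a null or empty value would be passed through as an attribute value. Whether the service always fills this field is not visible here, so prefer `if r.get('os'): os_list.append(r['os'])`. The new `target-machine` entry is also appended when `os_list` is empty, which emits a result with an empty values list; guarding it with `if os_list:` avoids that (the existing url and AS appends have the same shape). Indentation is lost on this page, so the placement of the append inside the `synscan` branch is inferred, and `handle_expansion` begins and continues outside the hunk.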