MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Fixed some details about the module output

pull/168/head
chrisr3d 2018-02-28 17:41:45 +01:00
parent 8f5c08e2c6
commit 323f71cdd3
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
misp_modules/modules/import_mod/goamlimport.py
View File

@ -1,4 +1,4 @@
import json, datetime import json, datetime, time
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
from collections import defaultdict from collections import defaultdict
from pymisp import MISPEvent, MISPObject from pymisp import MISPEvent, MISPObject
@ -85,7 +85,8 @@ class GoAmlParser():
self.itterate(t, 'transaction') self.itterate(t, 'transaction')
def first_itteration(self): def first_itteration(self):
self.misp_event.timestamp = self.tree.find('submission_date').text submission_date = self.tree.find('submission_date').text.split('+')[0]
self.misp_event.timestamp = int(time.mktime(time.strptime(submission_date, "%Y-%m-%dT%H:%M:%S")))
for node in goAMLobjects['report']['nodes']: for node in goAMLobjects['report']['nodes']:
element = self.tree.find(node) element = self.tree.find(node)
if element is not None: if element is not None:
@ -149,7 +150,8 @@ def handler(q=False):
misperrors['error'] = "Impossible to read the file" misperrors['error'] = "Impossible to read the file"
return misperrors return misperrors
aml_parser.parse_xml() aml_parser.parse_xml()
return aml_parser.misp_event.to_json() r = {'results': [{'types': mispattributes['output'], 'values': aml_parser.misp_event.to_json()}]}
return r
def introspection(): def introspection():
return mispattributes return mispattributes