pull/618/head
Usama015 2023-06-20 12:49:05 +05:00
parent 00f1af5c59
commit 36fb91882a
1 changed files with 39 additions and 23 deletions


@ -1,4 +1,5 @@
import json import json
import traceback
import requests import requests
from pymisp import MISPAttribute, MISPEvent, MISPObject from pymisp import MISPAttribute, MISPEvent, MISPObject
@ -32,8 +33,8 @@ def handler(q=False):
ip = request['attribute']['value'] ip = request['attribute']['value']
apiKey = request['config']['apiKey'] apiKey = request['config']['apiKey']
# Correct # Correct
return handle_ip(apiKey, ip, attribute) response = handle_ip(apiKey, ip, attribute)
return {'error' : f'Completed Response - {response}'}
def handle_ip(apiKey, ip, attribute): def handle_ip(apiKey, ip, attribute):
@ -49,23 +50,37 @@ def handle_ip(apiKey, ip, attribute):
return {'error': 'The IP address(bogon IP) is reserved for special use'} return {'error': 'The IP address(bogon IP) is reserved for special use'}
else: else:
return {'error': 'Error Occurred during IP data Extraction from Message'} return {'error': 'Error Occurred during IP data Extraction from Message'}
misp_event = MISPEvent() try:
input_attribute = MISPAttribute() misp_event = MISPEvent()
input_attribute.from_dict(**attribute) input_attribute = MISPAttribute()
misp_event.add_attribute(**input_attribute) # input_attribute.from_dict(**attribute)
misp_event.add_attribute(**input_attribute)
except Exception:
return {'error': f'Error on line 58 - {traceback.print_exc()}'}
ipObject = MISPObject('ip-api-address') ipObject = MISPObject('ip-api-address')
# Correct # Correct
mapping = get_mapping() try:
for field, relation in mapping.items(): mapping = get_mapping()
ipObject.add_attribute(relation, results[field]) except Exception:
misp_event.add_object(ipObject) return {'error': f'Error on line 66 - {traceback.print_exc()}'}
try:
for field, relation in mapping.items():
ipObject.add_attribute(relation, results[field])
except Exception:
return {'error': f'Error on line 71 - {traceback.print_exc()}'}
try:
misp_event.add_object(ipObject)
except Exception:
return {'error': f'Error on line 75 - {traceback.print_exc()}'}
# Return the results in MISP format # Return the results in MISP format
event = json.loads(misp_event.to_json()) try:
return { event = json.loads(misp_event.to_json())
'results': {key: event[key] for key in ('Attribute', 'Object')} return {
} 'results': {key: event[key] for key in ('Attribute', 'Object')}
}
except Exception:
return {'error': f'Error on line 83 - {traceback.print_exc()}'}
def query_ipgeolocation(apiKey, ip): def query_ipgeolocation(apiKey, ip):
@ -101,13 +116,14 @@ def version():
moduleinfo['config'] = moduleconfig moduleinfo['config'] = moduleconfig
return moduleinfo return moduleinfo
# def main(): def main():
# attribute = { attribute = {
# 'type' : 'ip-src', 'type' : 'ip-src',
# 'value' : '20.20.12.154' 'value' : '20.20.12.154'
# } }
# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute) handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute)
# if __name__ == '__main__': if __name__ == '__main__':
# main() main()
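Review bot: `traceback.print_exc()` prints to stderr and returns `None`, so each of the five new `except Exception` returns in `handle_ip` yields a message ending in `- None` instead of the traceback. `traceback.format_exc()` returns the text, but sending a full traceback to the caller exposes paths and internals; it is safer to log it server-side with `logging.exception('building ip-api-address object failed')` (needs `import logging`) and return a short message such as `return {'error': 'Could not build the MISP object'}`, which also removes the hard-coded `line 58`-style labels that will drift. In `handler`, `return {'error': f'Completed Response - {response}'}` reports every successful lookup as an error, so this debugging wrapper should go back to `return handle_ip(apiKey, ip, attribute)` before merge. The 32-character literal passed as `apiKey` in the now-active `main()` looks like a real API key; if it is, it should be revoked and the value read from configuration rather than source. `handle_ip` begins above the visible hunk, so how `results` is populated cannot be checked from here.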