mirror of https://github.com/MISP/misp-modules
updated
parent
00f1af5c59
commit
36fb91882a
|
@ -1,4 +1,5 @@
|
||||||
import json
|
import json
|
||||||
|
import traceback
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
@ -32,8 +33,8 @@ def handler(q=False):
|
||||||
ip = request['attribute']['value']
|
ip = request['attribute']['value']
|
||||||
apiKey = request['config']['apiKey']
|
apiKey = request['config']['apiKey']
|
||||||
# Correct
|
# Correct
|
||||||
return handle_ip(apiKey, ip, attribute)
|
response = handle_ip(apiKey, ip, attribute)
|
||||||
|
return {'error' : f'Completed Response - {response}'}
|
||||||
|
|
||||||
def handle_ip(apiKey, ip, attribute):
|
def handle_ip(apiKey, ip, attribute):
|
||||||
|
|
||||||
|
@ -49,23 +50,37 @@ def handle_ip(apiKey, ip, attribute):
|
||||||
return {'error': 'The IP address(bogon IP) is reserved for special use'}
|
return {'error': 'The IP address(bogon IP) is reserved for special use'}
|
||||||
else:
|
else:
|
||||||
return {'error': 'Error Occurred during IP data Extraction from Message'}
|
return {'error': 'Error Occurred during IP data Extraction from Message'}
|
||||||
misp_event = MISPEvent()
|
try:
|
||||||
input_attribute = MISPAttribute()
|
misp_event = MISPEvent()
|
||||||
input_attribute.from_dict(**attribute)
|
input_attribute = MISPAttribute()
|
||||||
misp_event.add_attribute(**input_attribute)
|
# input_attribute.from_dict(**attribute)
|
||||||
|
misp_event.add_attribute(**input_attribute)
|
||||||
|
except Exception:
|
||||||
|
return {'error': f'Error on line 58 - {traceback.print_exc()}'}
|
||||||
|
|
||||||
ipObject = MISPObject('ip-api-address')
|
ipObject = MISPObject('ip-api-address')
|
||||||
# Correct
|
# Correct
|
||||||
mapping = get_mapping()
|
try:
|
||||||
for field, relation in mapping.items():
|
mapping = get_mapping()
|
||||||
ipObject.add_attribute(relation, results[field])
|
except Exception:
|
||||||
misp_event.add_object(ipObject)
|
return {'error': f'Error on line 66 - {traceback.print_exc()}'}
|
||||||
|
try:
|
||||||
|
for field, relation in mapping.items():
|
||||||
|
ipObject.add_attribute(relation, results[field])
|
||||||
|
except Exception:
|
||||||
|
return {'error': f'Error on line 71 - {traceback.print_exc()}'}
|
||||||
|
try:
|
||||||
|
misp_event.add_object(ipObject)
|
||||||
|
except Exception:
|
||||||
|
return {'error': f'Error on line 75 - {traceback.print_exc()}'}
|
||||||
# Return the results in MISP format
|
# Return the results in MISP format
|
||||||
event = json.loads(misp_event.to_json())
|
try:
|
||||||
return {
|
event = json.loads(misp_event.to_json())
|
||||||
'results': {key: event[key] for key in ('Attribute', 'Object')}
|
return {
|
||||||
}
|
'results': {key: event[key] for key in ('Attribute', 'Object')}
|
||||||
|
}
|
||||||
|
except Exception:
|
||||||
|
return {'error': f'Error on line 83 - {traceback.print_exc()}'}
|
||||||
|
|
||||||
|
|
||||||
def query_ipgeolocation(apiKey, ip):
|
def query_ipgeolocation(apiKey, ip):
|
||||||
|
@ -101,13 +116,14 @@ def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
||||||
# def main():
|
def main():
|
||||||
# attribute = {
|
attribute = {
|
||||||
# 'type' : 'ip-src',
|
'type' : 'ip-src',
|
||||||
# 'value' : '20.20.12.154'
|
'value' : '20.20.12.154'
|
||||||
# }
|
}
|
||||||
# handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute)
|
handle_ip('efe037a76a17432fad2dbdca8299d559','21.02.15.123', attribute)
|
||||||
|
|
||||||
# if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
# main()
|
main()
|
||||||
|
|
||||||
|
|
||||||
|
|
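Review bot: The literal key passed to `handle_ip` in the now-uncommented `main()` (last hunk) looks like a real API key committed to the repository, and because it was already present in the commented-out version it should be treated as exposed and rotated. I would read it from the environment instead, e.g. `handle_ip(os.environ['IPGEO_API_KEY'], '21.02.15.123', attribute)` (the variable name is a placeholder and `os` would need importing), or drop the test `main()` from the module altogether. In the `handle_ip` hunk, `traceback.print_exc()` returns `None`, so every new message ends in "None" while the traceback goes to stderr; `traceback.format_exc()` is presumably what was meant, though logging it and returning a short fixed message avoids handing stack traces and hard-coded line numbers to the caller. The `handler` hunk also wraps every result, success included, under the `'error'` key, which looks like leftover debugging.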