mirror of https://github.com/MISP/misp-modules
improve forwards-compatibility
parent
8ac651562e
commit
380b8d46ba
|
@ -168,6 +168,10 @@ class JoeParser():
|
||||||
|
|
||||||
def parse_fileactivities(self, process_uuid, fileactivities):
|
def parse_fileactivities(self, process_uuid, fileactivities):
|
||||||
for feature, files in fileactivities.items():
|
for feature, files in fileactivities.items():
|
||||||
|
# ignore unknown features
|
||||||
|
if feature not in file_references_mapping:
|
||||||
|
continue
|
||||||
|
|
||||||
if files:
|
if files:
|
||||||
for call in files['call']:
|
for call in files['call']:
|
||||||
self.attributes['filename'][call['path']].add((process_uuid, file_references_mapping[feature]))
|
self.attributes['filename'][call['path']].add((process_uuid, file_references_mapping[feature]))
|
||||||
|
@ -198,6 +202,7 @@ class JoeParser():
|
||||||
name = feature['name']
|
name = feature['name']
|
||||||
if name == 'InternalName':
|
if name == 'InternalName':
|
||||||
program_name = feature['value']
|
program_name = feature['value']
|
||||||
|
if name in pe_object_mapping:
|
||||||
pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value']})
|
pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value']})
|
||||||
sections_number = len(peinfo['sections']['section'])
|
sections_number = len(peinfo['sections']['section'])
|
||||||
pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number})
|
pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number})
|
||||||
|
|
Loading…
Reference in New Issue