From 385af28a0ad62e5e945dc36f8db0f77349aa3ff5 Mon Sep 17 00:00:00 2001 From: Sebdraven Date: Tue, 20 Apr 2021 12:07:06 +0200 Subject: [PATCH] Update yeti.py add descripton --- misp_modules/modules/expansion/yeti.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/yeti.py b/misp_modules/modules/expansion/yeti.py index ecb647f..a27f5eb 100644 --- a/misp_modules/modules/expansion/yeti.py +++ b/misp_modules/modules/expansion/yeti.py @@ -39,8 +39,10 @@ class Yeti(): def get_neighboors(self, obs_id): neighboors = self.yeti_client.neighbors_observables(obs_id) if neighboors and 'objs' in neighboors: + links_by_id = {link['id']: link['description'] for link in neighboors['links']} + for n in neighboors['objs']: - yield n + yield n, links_by_id[n['id']] def get_tags(self, value): obs = self.search(value) @@ -71,7 +73,7 @@ class Yeti(): obs = self.search(self.attribute['value']) values = [] types = [] - for obs_to_add in self.get_neighboors(obs['id']): + for obs_to_add, link in self.get_neighboors(obs['id']): object_misp_domain_ip = self.__get_object_domain_ip(obs_to_add) if object_misp_domain_ip: self.misp_event.add_object(object_misp_domain_ip) @@ -79,14 +81,14 @@ class Yeti(): if object_misp_url: self.misp_event.add_object(object_misp_url) if not object_misp_url and not object_misp_url: - self.__get_attribute(obs_to_add) + self.__get_attribute(obs_to_add, link) def get_result(self): event = json.loads(self.misp_event.to_json()) results = {key: event[key] for key in ('Attribute', 'Object')} return results - def __get_attribute(self, obs_to_add): + def __get_attribute(self, obs_to_add, link): try: type_attr = self.misp_mapping[obs_to_add['type']] @@ -96,6 +98,7 @@ class Yeti(): else: value = obs_to_add['value'] attr = self.misp_event.add_attribute(value=value, type=type_attr) + attr.comment = '%s of %s' % (link, self.attribute['value']) except KeyError: logging.error('type not found %s' % obs_to_add['type']) return