Update yeti.py

add description
pull/488/head
Sebdraven 2021-04-20 12:07:06 +02:00
parent 8ea3d5c5c7
commit 385af28a0a
1 changed files with 7 additions and 4 deletions


@ -39,8 +39,10 @@ class Yeti():
def get_neighboors(self, obs_id): def get_neighboors(self, obs_id):
neighboors = self.yeti_client.neighbors_observables(obs_id) neighboors = self.yeti_client.neighbors_observables(obs_id)
if neighboors and 'objs' in neighboors: if neighboors and 'objs' in neighboors:
links_by_id = {link['id']: link['description'] for link in neighboors['links']}
for n in neighboors['objs']: for n in neighboors['objs']:
yield n yield n, links_by_id[n['id']]
def get_tags(self, value): def get_tags(self, value):
obs = self.search(value) obs = self.search(value)
@ -71,7 +73,7 @@ class Yeti():
obs = self.search(self.attribute['value']) obs = self.search(self.attribute['value'])
values = [] values = []
types = [] types = []
for obs_to_add in self.get_neighboors(obs['id']): for obs_to_add, link in self.get_neighboors(obs['id']):
object_misp_domain_ip = self.__get_object_domain_ip(obs_to_add) object_misp_domain_ip = self.__get_object_domain_ip(obs_to_add)
if object_misp_domain_ip: if object_misp_domain_ip:
self.misp_event.add_object(object_misp_domain_ip) self.misp_event.add_object(object_misp_domain_ip)
@ -79,14 +81,14 @@ class Yeti():
if object_misp_url: if object_misp_url:
self.misp_event.add_object(object_misp_url) self.misp_event.add_object(object_misp_url)
if not object_misp_url and not object_misp_url: if not object_misp_url and not object_misp_url:
self.__get_attribute(obs_to_add) self.__get_attribute(obs_to_add, link)
def get_result(self): def get_result(self):
event = json.loads(self.misp_event.to_json()) event = json.loads(self.misp_event.to_json())
results = {key: event[key] for key in ('Attribute', 'Object')} results = {key: event[key] for key in ('Attribute', 'Object')}
return results return results
def __get_attribute(self, obs_to_add): def __get_attribute(self, obs_to_add, link):
try: try:
type_attr = self.misp_mapping[obs_to_add['type']] type_attr = self.misp_mapping[obs_to_add['type']]
@ -96,6 +98,7 @@ class Yeti():
else: else:
value = obs_to_add['value'] value = obs_to_add['value']
attr = self.misp_event.add_attribute(value=value, type=type_attr) attr = self.misp_event.add_attribute(value=value, type=type_attr)
attr.comment = '%s of %s' % (link, self.attribute['value'])
except KeyError: except KeyError:
logging.error('type not found %s' % obs_to_add['type']) logging.error('type not found %s' % obs_to_add['type'])
return return
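Review bot: In get_neighboors the new `links_by_id[n['id']]` lookup and the unguarded `neighboors['links']` can both raise KeyError on data returned by the Yeti server. The guard only checks for `'objs'`, and the dict is keyed by each link's own `id` while the lookup uses the observable's `id`. Whether those two ids coincide in the Yeti response is not visible on this page, so that needs confirming against the API. Because the exception is raised inside the generator, the `except KeyError` in `__get_attribute` does not catch it, and the enrichment loop (whose function starts outside the hunk) would stop at the first neighbour without a matching link. A tolerant form would be `links_by_id = {l['id']: l.get('description') for l in neighboors.get('links', [])}` with `yield n, links_by_id.get(n['id'])`, setting `attr.comment` only when a description is present so a missing link does not produce a comment starting with "None of".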