mirror of https://github.com/MISP/misp-modules
add: Specific error message for misp_standard format expansion modules
- Checking if the input format is respected and displaying an error message if it is not
parent
6d528628c7
commit
3b7a5c4dc2
|
@ -19,3 +19,12 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
|
||||||
'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
|
'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
|
||||||
'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
|
'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
|
||||||
'trustar_enrich', 'recordedfuture']
|
'trustar_enrich', 'recordedfuture']
|
||||||
|
|
||||||
|
|
||||||
|
minimum_required_fields = ('type', 'uuid', 'value')
|
||||||
|
|
||||||
|
checking_error = 'containing at least a "type" field and a "value" field'
|
||||||
|
standard_error_message = 'This module requires an "attribute" field as input'
|
||||||
|
|
||||||
|
def check_input_attribute(attribute, requirements=minimum_required_fields):
|
||||||
|
return all(feature in attribute for feature in requirements)
|
||||||
|
|
|
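Review bot: `check_input_attribute` assumes `attribute` is a mapping, but the handlers pass it whatever `json.loads` produced under the `attribute` key. For a truthy string the `in` test silently becomes a substring match, and for a number it raises `TypeError` instead of reaching the new error message. Guarding the return keeps malformed input on the intended path: `return isinstance(attribute, dict) and all(feature in attribute for feature in requirements)`. The helper only checks that the keys are present, so an empty `value` still passes; a one-line docstring saying so would stop callers from treating it as full validation.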
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
|
@ -74,7 +75,11 @@ def handler(q=False):
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
if not request.get('config', {}).get('apikey'):
|
if not request.get('config', {}).get('apikey'):
|
||||||
return {'error': 'An API key for APIVoid is required.'}
|
return {'error': 'An API key for APIVoid is required.'}
|
||||||
attribute = request.get('attribute')
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
apikey = request['config']['apikey']
|
apikey = request['config']['apikey']
|
||||||
apivoid_parser = APIVoidParser(attribute)
|
apivoid_parser = APIVoidParser(attribute)
|
||||||
apivoid_parser.parse_domain(apikey)
|
apivoid_parser.parse_domain(apikey)
|
||||||
|
|
|
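Review bot: The message tail `which should contain at least a type, a value and an uuid.` is written out as a literal in this handler and again in every other handler that checks the default fields. The copies have already drifted, since one later copy drops the comma after `{standard_error_message}`. Keeping the full sentence as one constant next to `standard_error_message` in the package, mirroring `checking_error`, would keep the wording in one place. It would also be the place to correct "an uuid" to "a uuid".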
@ -1,5 +1,6 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
import json
|
import json
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from assemblyline_client import Client, ClientError
|
from assemblyline_client import Client, ClientError
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
@ -139,6 +140,10 @@ def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
|
if request['attribute']['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
if not request.get('config'):
|
if not request.get('config'):
|
||||||
return {"error": "Missing configuration."}
|
return {"error": "Missing configuration."}
|
||||||
if not request['config'].get('apiurl'):
|
if not request['config'].get('apiurl'):
|
||||||
|
|
|
@ -3,6 +3,7 @@ import json
|
||||||
import base64
|
import base64
|
||||||
import codecs
|
import codecs
|
||||||
from dateutil.parser import isoparse
|
from dateutil.parser import isoparse
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
try:
|
try:
|
||||||
import censys.base
|
import censys.base
|
||||||
|
@ -36,11 +37,11 @@ def handler(q=False):
|
||||||
api_id = request['config']['api_id']
|
api_id = request['config']['api_id']
|
||||||
api_secret = request['config']['api_secret']
|
api_secret = request['config']['api_secret']
|
||||||
|
|
||||||
if not request.get('attribute'):
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
return {'error': 'Unsupported input.'}
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
||||||
return {'error': 'Unsupported attributes type'}
|
return {'error': 'Unsupported attribute type.'}
|
||||||
|
|
||||||
attribute = MISPAttribute()
|
attribute = MISPAttribute()
|
||||||
attribute.from_dict(**request['attribute'])
|
attribute.from_dict(**request['attribute'])
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
import pypdns
|
import pypdns
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'}
|
mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'}
|
||||||
|
@ -58,11 +59,11 @@ def handler(q=False):
|
||||||
if not request['config'].get('username') or not request['config'].get('password'):
|
if not request['config'].get('username') or not request['config'].get('password'):
|
||||||
return {'error': 'CIRCL Passive DNS authentication is incomplete, please provide your username and password.'}
|
return {'error': 'CIRCL Passive DNS authentication is incomplete, please provide your username and password.'}
|
||||||
authentication = (request['config']['username'], request['config']['password'])
|
authentication = (request['config']['username'], request['config']['password'])
|
||||||
if not request.get('attribute'):
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
return {'error': 'Unsupported input.'}
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
||||||
return {'error': 'Unsupported attributes type'}
|
return {'error': 'Unsupported attribute type.'}
|
||||||
pdns_parser = PassiveDNSParser(attribute, authentication)
|
pdns_parser = PassiveDNSParser(attribute, authentication)
|
||||||
pdns_parser.parse()
|
pdns_parser.parse()
|
||||||
return pdns_parser.get_results()
|
return pdns_parser.get_results()
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
import pypssl
|
import pypssl
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
mispattributes = {'input': ['ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'}
|
mispattributes = {'input': ['ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port'], 'format': 'misp_standard'}
|
||||||
|
@ -83,11 +84,11 @@ def handler(q=False):
|
||||||
if not request['config'].get('username') or not request['config'].get('password'):
|
if not request['config'].get('username') or not request['config'].get('password'):
|
||||||
return {'error': 'CIRCL Passive SSL authentication is incomplete, please provide your username and password.'}
|
return {'error': 'CIRCL Passive SSL authentication is incomplete, please provide your username and password.'}
|
||||||
authentication = (request['config']['username'], request['config']['password'])
|
authentication = (request['config']['username'], request['config']['password'])
|
||||||
if not request.get('attribute'):
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
return {'error': 'Unsupported input.'}
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
||||||
return {'error': 'Unsupported attributes type'}
|
return {'error': 'Unsupported attribute type.'}
|
||||||
pssl_parser = PassiveSSLParser(attribute, authentication)
|
pssl_parser = PassiveSSLParser(attribute, authentication)
|
||||||
pssl_parser.parse()
|
pssl_parser.parse()
|
||||||
return pssl_parser.get_results()
|
return pssl_parser.get_results()
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
from collections import defaultdict
|
|
||||||
from pymisp import MISPEvent, MISPObject
|
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from collections import defaultdict
|
||||||
|
from pymisp import MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
||||||
|
@ -108,7 +109,8 @@ def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
attribute = request.get('attribute')
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
if attribute.get('type') != 'vulnerability':
|
if attribute.get('type') != 'vulnerability':
|
||||||
misperrors['error'] = 'Vulnerability id missing.'
|
misperrors['error'] = 'Vulnerability id missing.'
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
|
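Review bot: `attribute` is no longer bound when the unchanged line `if attribute.get('type') != 'vulnerability':` runs, because the assignment `attribute = request.get('attribute')` was replaced by the new check rather than kept after it. Unless the name is assigned elsewhere in the handler, every well-formed request now ends in a `NameError`. Add `attribute = request['attribute']` directly after the new `return`. The rest of the handler is outside the hunk.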
@ -7,6 +7,7 @@ An expansion module to enrich attributes in MISP and share indicators of comprom
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
@ -146,9 +147,10 @@ def handler(q=False):
|
||||||
if not request.get('attribute'):
|
if not request.get('attribute'):
|
||||||
return {'error': 'Unsupported input.'}
|
return {'error': 'Unsupported input.'}
|
||||||
|
|
||||||
attribute = request['attribute']
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
if not any(input_type == attribute['type'] for input_type in mispattributes['input']):
|
||||||
return {'error': 'Unsupported attributes type'}
|
return {'error': 'Unsupported attribute type.'}
|
||||||
|
|
||||||
if not request.get('config'):
|
if not request.get('config'):
|
||||||
return {'error': 'Missing configuration'}
|
return {'error': 'Missing configuration'}
|
||||||
|
|
|
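Review bot: The line `attribute = request['attribute']` was replaced by the new check, yet the following `if not any(input_type == attribute['type'] ...)` still reads `attribute`. Unless it is bound elsewhere in the handler, a valid request raises `NameError` instead of being processed; re-add `attribute = request['attribute']` after the new `return`. The older guard `if not request.get('attribute'): return {'error': 'Unsupported input.'}` is still in place just above, so the first half of the new condition can never be true and a missing attribute is still reported with the old message. Dropping the old guard would leave a single validation path.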
@ -1,6 +1,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from pyipasnhistory import IPASNHistory
|
from pyipasnhistory import IPASNHistory
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
|
@ -34,11 +35,11 @@ def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
if request.get('attribute') and request['attribute'].get('type') in mispattributes['input']:
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
toquery = request['attribute']['value']
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
else:
|
if request['attribute']['type'] not in mispattributes['input']:
|
||||||
misperrors['error'] = "Unsupported attributes type"
|
return {'error': 'Unsupported attribute type.'}
|
||||||
return misperrors
|
toquery = request['attribute']['value']
|
||||||
|
|
||||||
ipasn = IPASNHistory()
|
ipasn = IPASNHistory()
|
||||||
values = ipasn.query(toquery)
|
values = ipasn.query(toquery)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
import jbxapi
|
import jbxapi
|
||||||
import json
|
import json
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
from joe_parser import JoeParser
|
from joe_parser import JoeParser
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
|
@ -27,6 +28,10 @@ def handler(q=False):
|
||||||
if not apikey:
|
if not apikey:
|
||||||
return {'error': 'No API key provided'}
|
return {'error': 'No API key provided'}
|
||||||
|
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute'], requirements=('type', 'value')):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error} that is the link to the Joe Sandbox report.'}
|
||||||
|
if request['attribute']['type'] != 'link':
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
url = request['attribute']['value']
|
url = request['attribute']['value']
|
||||||
if "/submissions/" not in url:
|
if "/submissions/" not in url:
|
||||||
return {'error': "The URL does not point to a Joe Sandbox analysis."}
|
return {'error': "The URL does not point to a Joe Sandbox analysis."}
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
Module (type "expansion") to query a Lastline report from an analysis link.
|
Module (type "expansion") to query a Lastline report from an analysis link.
|
||||||
"""
|
"""
|
||||||
import json
|
import json
|
||||||
|
|
||||||
import lastline_api
|
import lastline_api
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
|
|
||||||
|
|
||||||
misperrors = {
|
misperrors = {
|
||||||
|
@ -52,6 +52,8 @@ def handler(q=False):
|
||||||
try:
|
try:
|
||||||
config = request["config"]
|
config = request["config"]
|
||||||
auth_data = lastline_api.LastlineAbstractClient.get_login_params_from_dict(config)
|
auth_data = lastline_api.LastlineAbstractClient.get_login_params_from_dict(config)
|
||||||
|
if not request.get('attribute') or not request['attribute'].get('value'):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error} that is the link to a Lastline analysis.'}
|
||||||
analysis_link = request['attribute']['value']
|
analysis_link = request['attribute']['value']
|
||||||
# The API url changes based on the analysis link host name
|
# The API url changes based on the analysis link host name
|
||||||
api_url = lastline_api.get_portal_url_from_task_link(analysis_link)
|
api_url = lastline_api.get_portal_url_from_task_link(analysis_link)
|
||||||
|
|
|
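Review bot: The new guard only tests `request['attribute'].get('value')`, although `check_input_attribute` is imported at the top of the file and the message built from `checking_error` tells the user that both a "type" and a "value" field are required. Calling `check_input_attribute(request['attribute'], requirements=('type', 'value'))` as the other link-based handler does would make the check match the message and avoid an unused import. The unchanged comment below says the API URL is derived from the host name of the analysis link, and the login parameters are loaded just above. It is worth confirming that `get_portal_url_from_task_link` only accepts known portal hosts, since the link is caller-supplied. The `try` block continues outside the hunk.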
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
from pymisp import MISPEvent, MISPObject
|
from pymisp import MISPEvent, MISPObject
|
||||||
|
|
||||||
mispattributes = {'input': ['md5', 'sha1', 'sha256'],
|
mispattributes = {'input': ['md5', 'sha1', 'sha256'],
|
||||||
|
@ -34,7 +35,11 @@ def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute'], requirements=('type', 'value')):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error} that is the hash to submit to Malware Bazaar.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
url = 'https://mb-api.abuse.ch/api/v1/'
|
url = 'https://mb-api.abuse.ch/api/v1/'
|
||||||
response = requests.post(url, data={'query': 'get_info', 'hash': attribute['value']}).json()
|
response = requests.post(url, data={'query': 'get_info', 'hash': attribute['value']}).json()
|
||||||
query_status = response['query_status']
|
query_status = response['query_status']
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
import json
|
import json
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
from ._ransomcoindb import ransomcoindb
|
from ._ransomcoindb import ransomcoindb
|
||||||
from pymisp import MISPObject
|
from pymisp import MISPObject
|
||||||
|
|
||||||
|
@ -28,6 +29,10 @@ def handler(q=False):
|
||||||
q = json.loads(q)
|
q = json.loads(q)
|
||||||
if "config" not in q or "api-key" not in q["config"]:
|
if "config" not in q or "api-key" not in q["config"]:
|
||||||
return {"error": "Ransomcoindb API key is missing"}
|
return {"error": "Ransomcoindb API key is missing"}
|
||||||
|
if not q.get('attribute') or not check_input_attribute(attribute, requirements=('type', 'value')):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error}.'}
|
||||||
|
if q['attribute']['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
api_key = q["config"]["api-key"]
|
api_key = q["config"]["api-key"]
|
||||||
r = {"results": []}
|
r = {"results": []}
|
||||||
|
|
||||||
|
|
|
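Review bot: `check_input_attribute(attribute, ...)` refers to a name that nothing visible in this handler binds; the parsed request is `q` here, and the next added line reads `q['attribute']['type']`. If `attribute` is indeed undefined, any request that carries an attribute fails with `NameError` before validation runs. Pass the value from `q` instead: `if not q.get('attribute') or not check_input_attribute(q['attribute'], requirements=('type', 'value')):`. The start of the handler is outside the hunk, so confirm that nothing earlier assigns `attribute`.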
@ -1,6 +1,7 @@
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
from urllib.parse import quote
|
from urllib.parse import quote
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject
|
||||||
|
|
||||||
|
@ -257,6 +258,10 @@ def handler(q=False):
|
||||||
else:
|
else:
|
||||||
misperrors['error'] = 'Missing Recorded Future token.'
|
misperrors['error'] = 'Missing Recorded Future token.'
|
||||||
return misperrors
|
return misperrors
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['atttribute'], requirements=('type', 'value')):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error}.'}
|
||||||
|
if request['attribute']['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
|
|
||||||
input_attribute = request.get('attribute')
|
input_attribute = request.get('attribute')
|
||||||
rf_enricher = RFEnricher(token, input_attribute)
|
rf_enricher = RFEnricher(token, input_attribute)
|
||||||
|
|
|
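Review bot: The key in `check_input_attribute(request['atttribute'], ...)` is misspelled with three t's. Whenever the request does contain an `attribute`, the lookup raises `KeyError` and the new validation never runs. It should read `request['attribute']`. A small test that sends one valid and one malformed attribute through `handler` would have caught this, and it would also cover the type check added just below.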
@ -1,3 +1,4 @@
|
||||||
|
from. import check_input_attribute, checking_error, standard_error_message
|
||||||
from pymisp import MISPEvent, MISPObject
|
from pymisp import MISPEvent, MISPObject
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
@ -105,6 +106,12 @@ def handler(q=False):
|
||||||
misperrors['error'] = "Missing client_id or client_secret value for SOPHOSLabs Intelix. \
|
misperrors['error'] = "Missing client_id or client_secret value for SOPHOSLabs Intelix. \
|
||||||
It's free to sign up here https://aws.amazon.com/marketplace/pp/B07SLZPMCS."
|
It's free to sign up here https://aws.amazon.com/marketplace/pp/B07SLZPMCS."
|
||||||
return misperrors
|
return misperrors
|
||||||
|
to_check = (('type', 'value'), ('type', 'value1'))
|
||||||
|
if not request.get('attribute') or not any(check_input_attribute(request['attribute'], requirements=check) for check in to_check):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error}.'}
|
||||||
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in misp_types_in:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
client = SophosLabsApi(j['config']['client_id'], j['config']['client_secret'])
|
client = SophosLabsApi(j['config']['client_id'], j['config']['client_secret'])
|
||||||
if j['attribute']['type'] == "sha256":
|
if j['attribute']['type'] == "sha256":
|
||||||
client.hash_lookup(j['attribute']['value1'])
|
client.hash_lookup(j['attribute']['value1'])
|
||||||
|
|
|
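Review bot: The added block reads `request` and `misp_types_in`, while the unchanged lines right after it take the same data from `j` (`j['config']['client_id']`, `j['attribute']['type']`), and neither new name is bound in the visible part of the handler. If the parsed JSON is only held in `j`, the new guard raises `NameError` on every call. Using `j.get('attribute')` and `j['attribute']`, together with whichever list of input types the module already declares, would match the surrounding code. The top of the handler is outside the hunk, so check which names actually exist. The import line `from. import ...` also lacks the space used in the other modules (`from . import ...`).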
@ -1,5 +1,6 @@
|
||||||
import json
|
import json
|
||||||
import pymisp
|
import pymisp
|
||||||
|
from . import check_input_attribute, checking_error, standard_error_message
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
from trustar import TruStar
|
from trustar import TruStar
|
||||||
|
|
||||||
|
@ -110,7 +111,11 @@ def handler(q=False):
|
||||||
misperrors['error'] = "Your TruSTAR API key and secret are required for indicator enrichment."
|
misperrors['error'] = "Your TruSTAR API key and secret are required for indicator enrichment."
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute'], requirements=('type', 'value')):
|
||||||
|
return {'error': f'{standard_error_message}, {checking_error}.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
trustar_parser = TruSTARParser(attribute, config)
|
trustar_parser = TruSTARParser(attribute, config)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
# -*- coding: utf-8 -*-
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['domain', 'hostname', 'ip-src', 'ip-dst', 'md5', 'sha256', 'url'],
|
mispattributes = {'input': ['domain', 'hostname', 'ip-src', 'ip-dst', 'md5', 'sha256', 'url'],
|
||||||
|
@ -134,7 +136,11 @@ def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
urlhaus_parser = _misp_type_mapping[attribute['type']](attribute)
|
urlhaus_parser = _misp_type_mapping[attribute['type']](attribute)
|
||||||
return urlhaus_parser.query_api()
|
return urlhaus_parser.query_api()
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
||||||
|
@ -195,6 +196,11 @@ def handler(q=False):
|
||||||
if not request.get('config') or not request['config'].get('apikey'):
|
if not request.get('config') or not request['config'].get('apikey'):
|
||||||
misperrors['error'] = "A VirusTotal api key is required for this module."
|
misperrors['error'] = "A VirusTotal api key is required for this module."
|
||||||
return misperrors
|
return misperrors
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
|
if request['attribute']['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
|
|
||||||
event_limit = request['config'].get('event_limit')
|
event_limit = request['config'].get('event_limit')
|
||||||
if not isinstance(event_limit, int):
|
if not isinstance(event_limit, int):
|
||||||
event_limit = 5
|
event_limit = 5
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
||||||
|
@ -174,7 +175,11 @@ def handler(q=False):
|
||||||
if not request.get('config') or not request['config'].get('apikey'):
|
if not request.get('config') or not request['config'].get('apikey'):
|
||||||
misperrors['error'] = "A VirusTotal api key is required for this module."
|
misperrors['error'] = "A VirusTotal api key is required for this module."
|
||||||
return misperrors
|
return misperrors
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
|
if attribute['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
query_type, to_call = misp_type_mapping[attribute['type']]
|
query_type, to_call = misp_type_mapping[attribute['type']]
|
||||||
parser = to_call(request['config']['apikey'], attribute)
|
parser = to_call(request['config']['apikey'], attribute)
|
||||||
query_result = parser.get_query_result(query_type)
|
query_result = parser.get_query_result(query_type)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import requests
|
import requests
|
||||||
import json
|
import json
|
||||||
import sys
|
import sys
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
from requests.auth import HTTPBasicAuth
|
from requests.auth import HTTPBasicAuth
|
||||||
|
@ -160,6 +161,10 @@ def handler(q=False):
|
||||||
return misperrors
|
return misperrors
|
||||||
key = request["config"]["apikey"]
|
key = request["config"]["apikey"]
|
||||||
password = request['config']['apipassword']
|
password = request['config']['apipassword']
|
||||||
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message} which should contain at least a type, a value and an uuid.'}
|
||||||
|
if request['attribute']['type'] not in mispattributes['input']:
|
||||||
|
return {'error': 'Unsupported attribute type.'}
|
||||||
parser = XforceExchange(request['attribute'], key, password)
|
parser = XforceExchange(request['attribute'], key, password)
|
||||||
parser.parse()
|
parser.parse()
|
||||||
return parser.get_result()
|
return parser.get_result()
|
||||||
|
|
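Review bot: The error string here drops the comma that the other handlers put after `{standard_error_message}`, so this module returns a slightly different sentence for the same condition. Use `f'{standard_error_message}, which should contain at least a type, a value and an uuid.'` so that clients or tests matching on the message see one form.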