MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

renamed cluster25.py to cluster25_expand.py, module implementation

pull/642/head
Milo Volpicelli 2023-10-20 08:37:21 +00:00
parent f77baec63b
commit 4c7637237f
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
misp_modules/modules/expansion/__init__.py
View File

@ -4,7 +4,7 @@ import sys
sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))
__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
'cluster25', 'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools',
'cluster25_expand', 'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools',
'eupi', 'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',

6
misp_modules/modules/expansion/cluster25.py → misp_modules/modules/expansion/cluster25_expand.py
View File

@ -1,5 +1,6 @@
import json
import requests
from typing import List
from . import check_input_attribute, standard_error_message
from pymisp import MISPAttribute, MISPEvent
@ -9,7 +10,7 @@ moduleinfo = {'version': '0.1',
'module-type': ['expansion', 'hover']}
moduleconfig = ['api_id', 'apikey', 'base_url']
misperrors = {'error': 'Error'}
misp_type_in = ['domain', 'email', 'filename', 'md5', 'sha1', 'sha256', 'ip', 'mutex', 'url', 'vulnerability', 'btc',
misp_type_in = ['domain', 'email', 'filename', 'md5', 'sha1', 'sha256', 'ip', 'url', 'vulnerability', 'btc',
'xmr', 'ja3-fingerprint-md5']
mapping_out = { # mapping between the MISP attributes type and the compatible Cluster25 indicator types.
'domain': {'type': 'domain', 'to_ids': True},
@ -20,7 +21,6 @@ mapping_out = { # mapping between the MISP attributes type and the compatible C
'sha256': {'type': 'sha256', 'to_ids': True},
'ipv4': {'type': 'ip', 'to_ids': True},
'ipv6': {'type': 'ip', 'to_ids': True},
'mutex': {'type': 'mutex', 'to_ids': True},
'url': {'type': 'url', 'to_ids': True},
'cve': {'type': 'vulnerability', 'to_ids': True},
'btcaddress': {'type': 'btc', 'to_ids': True},
@ -119,7 +119,7 @@ class Cluster25CTI:
)
return r.json()["data"]["token"]
def search_indicators(self, indicator_type):
def search_indicators(self, indicator_type) -> List[dict]:
headers = {"Authorization": f"Bearer {self.current_token}"}
params = {'type': indicator_type, 'include_info': True}
r = requests.get(url=f"{self.base_url}/indicators", params=params, headers=headers)