fix: [crowdsec] Fixed the module input handling

- Made the module an expansion module, as it is the
  standard type, and `hover` is usually the option
- Better input handling: the module now checks for the
  `attribute` field, since the full attribute is
  passed in MISP standard format and not only its
  type and value
- As only `v2` is supported as API version for now,
  we removed the parameter to avoid confusion. It
  can be added back later when multiple versions
  are supported
pull/613/head
Christian Studer 2023-05-11 16:12:07 +02:00
parent 88962aba19
commit 51cf8524ad
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 11 additions and 12 deletions


@ -1,17 +1,17 @@
import json
from pymisp import MISPEvent, MISPObject
import pycountry
import requests
from . import check_input_attribute, standard_error_message
from pymisp import MISPEvent, MISPObject
mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"]}
mispattributes = {"input": ["ip-dst", "ip-src"], "format": "misp_standard"}
moduleinfo = {
"version": "1.0",
"author": "Shivam Sandbhor <shivam@crowdsec.net>",
"description": "Module to access CrowdSec CTI API.",
"module-type": ["hover", "expansion"],
}
moduleconfig = ["api_key", "api_version"]
moduleconfig = ["api_key"]
def handler(q=False):
@ -25,18 +25,17 @@ def handler(q=False):
if not request["config"].get("api_key"):
return {"error": "Missing CrowdSec API key"}
request["config"]["api_version"] = "v2"
if not request.get('attribute') or not check_input_attribute(request['attribute']):
return {'error': f'{standard_error_message}, which shoul contain at least a type, a value and an uuid.'}
if request["config"]["api_version"] == "v2":
return _handler_v2(request)
return {"error": f'API version {request["config"]["api_version"]} not supported'}
if request['attribute'].get('type') not in mispattributes['input']:
return {'error': f"Wrong input type. Please choose on of the following: {', '.join(mispattributes['input'])}"}
return _handler_v2(request)
def _handler_v2(request_data):
if request_data.get("ip-dst"):
ip = request_data.get("ip-dst")
elif request_data.get("ip-src"):
ip = request_data.get("ip-src")
ip = request_data['attribute']['value']
crowdsec_cti = requests.get(
f"https://cti.api.crowdsec.net/v2/smoke/{ip}",