Merge branch 'master' of github.com:chrisr3d/misp-modules into aml_import

pull/168/head
chrisr3d 2018-02-22 14:29:36 +01:00
commit 53b4a43448
5 changed files with 42 additions and 31 deletions


@ -45,6 +45,7 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
### Export modules ### Export modules
* [CEF](misp_modules/modules/export_mod/cef_export.py) module to export Common Event Format (CEF). * [CEF](misp_modules/modules/export_mod/cef_export.py) module to export Common Event Format (CEF).
* [GoAML export](misp_modules/modules/export_mod/goamlexport.py) module to export in GoAML format.
* [Lite Export](misp_modules/modules/export_mod/liteexport.py) module to export a lite event. * [Lite Export](misp_modules/modules/export_mod/liteexport.py) module to export a lite event.
* [Simple PDF export](misp_modules/modules/export_mod/pdfexport.py) module to export in PDF (required: asciidoctor-pdf). * [Simple PDF export](misp_modules/modules/export_mod/pdfexport.py) module to export in PDF (required: asciidoctor-pdf).
* [ThreatConnect](misp_modules/modules/export_mod/threat_connect_export.py) module to export in ThreatConnect CSV format. * [ThreatConnect](misp_modules/modules/export_mod/threat_connect_export.py) module to export in ThreatConnect CSV format.


@ -1 +1 @@
__all__ = ['testexport','cef_export','liteexport','threat_connect_export','pdfexport','threatStream_misp_export'] __all__ = ['testexport','cef_export','liteexport','goamlexport','threat_connect_export','pdfexport','threatStream_misp_export']


@ -5,7 +5,8 @@ from collections import defaultdict, Counter
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
moduleinfo = {'version': '1', 'author': 'Christian Studer', moduleinfo = {'version': '1', 'author': 'Christian Studer',
'description': 'Export to GoAML', 'description': 'Export to GoAML',
'module-type': ['export']} 'module-type': ['export'],
'require_standard_format': True}
moduleconfig = ['rentity_id'] moduleconfig = ['rentity_id']
mispattributes = {'input': ['MISPEvent'], 'output': ['xml file']} mispattributes = {'input': ['MISPEvent'], 'output': ['xml file']}
outputFileExtension = "xml" outputFileExtension = "xml"
@ -13,26 +14,33 @@ responseType = "application/xml"
objects_to_parse = ['transaction', 'bank-account', 'person', 'entity', 'geolocation'] objects_to_parse = ['transaction', 'bank-account', 'person', 'entity', 'geolocation']
goAMLmapping = {'bank-account': 't_account', 'institution-code': 'institution_code', 'iban': 'iban', goAMLmapping = {'bank-account': {'bank-account': 't_account', 'institution-name': 'institution_name',
'swift': 'swift', 'branch': 'branch', 'non-banking-institution': 'non_bank_institution', 'institution-code': 'institution_code', 'iban': 'iban', 'swift': 'swift',
'account': 'account', 'currency-code': 'currency_code', 'account-name': 'account_name', 'branch': 'branch', 'non-banking-institution': 'non_bank_institution',
'client-number': 'client_number', 'personal-account-type': 'personal_account_type', 'account': 'account', 'currency-code': 'currency_code',
'opened': 'opened', 'closed': 'closed', 'balance': 'balance', 'status-code': 'status_code', 'account-name': 'account_name', 'client-number': 'client_number',
'beneficiary': 'beneficiary', 'beneficiary-comment': 'beneficiary_comment', 'comments': 'comments', 'personal-account-type': 'personal_account_type', 'opened': 'opened',
'person': 't_person', 'text': 'comments', 'first-name': 'first_name', 'middle-name': 'middle_name', 'closed': 'closed', 'balance': 'balance', 'status-code': 'status_code',
'last-name': 'last_name', 'mothers-name': 'mothers_name', 'title': 'title', 'alias': 'alias', 'beneficiary': 'beneficiary', 'beneficiary-comment': 'beneficiary_comment',
'date-of-birth': 'birthdate', 'place-of-birth': 'birth_place', 'gender': 'gender', 'comments': 'comments'},
'person': {'person': 't_person', 'text': 'comments', 'first-name': 'first_name',
'middle-name': 'middle_name', 'last-name': 'last_name', 'title': 'title',
'mothers-name': 'mothers_name', 'alias': 'alias', 'date-of-birth': 'birthdate',
'place-of-birth': 'birth_place', 'gender': 'gender','nationality': 'nationality1',
'passport-number': 'passport_number', 'passport-country': 'passport_country', 'passport-number': 'passport_number', 'passport-country': 'passport_country',
'social-security-number': 'ssn', 'nationality': 'nationality1', 'identity-card-number': 'id_number', 'social-security-number': 'ssn', 'identity-card-number': 'id_number'},
'geolocation': 'location', 'city': 'city', 'region': 'state', 'country': 'country-code', 'geolocation': {'geolocation': 'location', 'city': 'city', 'region': 'state',
'address': 'address', 'zipcode': 'zip', 'country': 'country-code', 'address': 'address', 'zipcode': 'zip'},
'transaction': 'transaction', 'transaction-number': 'transactionnumber', 'date': 'date_transaction', 'transaction': {'transaction': 'transaction', 'transaction-number': 'transactionnumber',
'location': 'transaction_location', 'transmode-code': 'transmode_code', 'amount': 'amount_local', 'date': 'date_transaction', 'location': 'transaction_location',
'transmode-comment': 'transmode_comment', 'date-posting': 'date_posting', 'teller': 'teller', 'transmode-code': 'transmode_code', 'amount': 'amount_local',
'authorized': 'authorized', 'transmode-comment': 'transmode_comment', 'date-posting': 'date_posting',
'legal-entity': 'entity', 'name': 'name', 'commercial-name': 'commercial_name', 'business': 'business', 'teller': 'teller', 'authorized': 'authorized',
'legal-form': 'incorporation_legal_form', 'registration-number': 'incorporation_number', 'text': 'transaction_description'},
'phone-number': 'phone'} 'legal-enitty': {'legal-entity': 'entity', 'name': 'name', 'business': 'business',
'commercial-name': 'commercial_name', 'phone-number': 'phone',
'legal-form': 'incorporation_legal_form',
'registration-number': 'incorporation_number'}}
referencesMapping = {'bank-account': {'aml_type': '{}_account', 'bracket': 't_{}'}, referencesMapping = {'bank-account': {'aml_type': '{}_account', 'bracket': 't_{}'},
'person': {'transaction': {'aml_type': '{}_person', 'bracket': 't_{}'}, 'bank-account': {'aml_type': 't_person', 'bracket': 'signatory'}}, 'person': {'transaction': {'aml_type': '{}_person', 'bracket': 't_{}'}, 'bank-account': {'aml_type': 't_person', 'bracket': 'signatory'}},
@ -88,7 +96,7 @@ class GoAmlGeneration(object):
obj = self.misp_event.get_object_by_uuid(uuid) obj = self.misp_event.get_object_by_uuid(uuid)
if object_type == 'transaction': if object_type == 'transaction':
self.xml[xml_part] += "<{}>".format(aml_type) self.xml[xml_part] += "<{}>".format(aml_type)
self.fill_xml_transaction(obj.attributes, xml_part) self.fill_xml_transaction(object_type, obj.attributes, xml_part)
self.parsed_uuids[object_type].append(uuid) self.parsed_uuids[object_type].append(uuid)
if obj.ObjectReference: if obj.ObjectReference:
self.parseObjectReferences(object_type, xml_part, obj.ObjectReference) self.parseObjectReferences(object_type, xml_part, obj.ObjectReference)
@ -104,7 +112,7 @@ class GoAmlGeneration(object):
def itterate_normal_case(self, object_type, obj, aml_type, uuid, xml_part): def itterate_normal_case(self, object_type, obj, aml_type, uuid, xml_part):
self.xml[xml_part] += "<{}>".format(aml_type) self.xml[xml_part] += "<{}>".format(aml_type)
self.fill_xml(obj, xml_part) self.fill_xml(object_type, obj, xml_part)
self.parsed_uuids[object_type].append(uuid) self.parsed_uuids[object_type].append(uuid)
if obj.ObjectReference: if obj.ObjectReference:
self.parseObjectReferences(object_type, xml_part, obj.ObjectReference) self.parseObjectReferences(object_type, xml_part, obj.ObjectReference)
@ -117,7 +125,7 @@ class GoAmlGeneration(object):
relationship_type = ref.relationship_type relationship_type = ref.relationship_type
self.parse_references(object_type, next_object_type, next_uuid, relationship_type, xml_part) self.parse_references(object_type, next_object_type, next_uuid, relationship_type, xml_part)
def fill_xml_transaction(self, attributes, xml_part): def fill_xml_transaction(self, object_type, attributes, xml_part):
from_and_to_fields = {'from': {}, 'to': {}} from_and_to_fields = {'from': {}, 'to': {}}
for attribute in attributes: for attribute in attributes:
object_relation = attribute.object_relation object_relation = attribute.object_relation
@ -133,12 +141,12 @@ class GoAmlGeneration(object):
from_and_to_fields[relation_type][field] = attribute_value from_and_to_fields[relation_type][field] = attribute_value
continue continue
try: try:
self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[object_relation], attribute_value) self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[object_type][object_relation], attribute_value)
except KeyError: except KeyError:
pass pass
self.from_and_to_fields = from_and_to_fields self.from_and_to_fields = from_and_to_fields
def fill_xml(self, obj, xml_part): def fill_xml(self, object_type, obj, xml_part):
if obj.name == 'bank-account': if obj.name == 'bank-account':
for attribute in obj.attributes: for attribute in obj.attributes:
if attribute.object_relation in ('personal-account-type', 'status-code'): if attribute.object_relation in ('personal-account-type', 'status-code'):
@ -146,13 +154,13 @@ class GoAmlGeneration(object):
else: else:
attribute_value = attribute.value attribute_value = attribute.value
try: try:
self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[attribute.object_relation], attribute_value) self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[object_type][attribute.object_relation], attribute_value)
except KeyError: except KeyError:
pass pass
else: else:
for attribute in obj.attributes: for attribute in obj.attributes:
try: try:
self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[attribute.object_relation], attribute.value) self.xml[xml_part] += "<{0}>{1}</{0}>".format(goAMLmapping[object_type][attribute.object_relation], attribute.value)
except KeyError: except KeyError:
pass pass
@ -210,7 +218,7 @@ def introspection():
pass pass
try: try:
inputSource inputSource
mmoduleSetup['inputSource'] = inputSource moduleSetup['inputSource'] = inputSource
except NameError: except NameError:
pass pass
return modulesetup return modulesetup
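Review bot: Attribute values are written into the report unescaped in all three `"<{0}>{1}</{0}>".format(...)` calls (one in `fill_xml_transaction`, two in `fill_xml`), so a value containing `<`, `>` or `&` yields malformed XML or extra elements in the goAML output. These values come from event attributes, so they should be escaped before interpolation, e.g. `escape(str(attribute_value))` with `from xml.sax.saxutils import escape`. Separately, the new nested mapping uses the key `'legal-enitty'`, which matches neither the inner `'legal-entity'` spelling nor any entry of `objects_to_parse`. Because the lookups sit under `except KeyError: pass`, attributes of that object type would presumably be dropped without any error. Both functions continue outside the hunks shown.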


@ -15,7 +15,8 @@ misperrors = {'error': 'Error'}
moduleinfo = {'version': '1', moduleinfo = {'version': '1',
'author': 'Raphaël Vinot', 'author': 'Raphaël Vinot',
'description': 'Simple export to PDF', 'description': 'Simple export to PDF',
'module-type': ['export']} 'module-type': ['export'],
'require_standard_format': True}
moduleconfig = [] moduleconfig = []

1
tests/goamlexport.xml Normal file

@ -0,0 +1 @@
<report><rentity_id>2510</rentity_id><submission_code>E</submission_code><report_code>STR</report_code><submission_date>2018-02-22T08:34:16+00:00</submission_date><currency_code_local>EUR</currency_code_local><transaction><transactionnumber>TW00000901</transactionnumber><transaction_location>1 Manners Street Wellington</transaction_location><transmode_code>BG</transmode_code><date_transaction>2015-12-01T10:03:00</date_transaction><amount_local>12345</amount_local><transaction_description>when it transacts</transaction_description><t_from><from_funds_code>E</from_funds_code><from_account><status_code>A</status_code><personal_account_type>A</personal_account_type><currency_code>EUR</currency_code><account>31032027088</account><swift>ATTBVI</swift><institution_name>The bank</institution_name><signatory><t_person><last_name>Nick</last_name><first_name>Pitt</first_name><title>Sir</title><birthdate>1993-09-25</birthdate><birth_place>Mulhouse, France</birth_place><gender>Male</gender><addresses><address><city>Paris</city><country-code>France</country-code></address></addresses></t_person></signatory></from_account><from_country>FRA</from_country></t_from><t_to_my_client><to_funds_code>K</to_funds_code><to_person><last_name>Michel</last_name><first_name>Jean</first_name><title>Himself</title><gender>Prefer not to say</gender><addresses><address><city>Luxembourg</city><country-code>Luxembourg</country-code></address></addresses></to_person><to_country>LUX</to_country></t_to_my_client></transaction></report>