MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [circl_passivedns] Using `time_first` & `time_last` as `first_seen` and `last_seen` fields on the `passive-dns` objects 

- Should fix #692
pull/693/head
Christian Studer 2024-09-26 11:08:22 +02:00
parent d2e322bae9
commit 59c994678d
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
misp_modules/modules/expansion/circl_passivedns.py
View File

@ -48,14 +48,20 @@ class PassiveDNSParser:
self.result = {'error': 'Not found'} self.result = {'error': 'Not found'}
return return
mapping = {'count': 'counter', 'origin': 'text', mapping = {
'time_first': 'datetime', 'rrtype': 'text', 'count': 'counter', 'origin': 'text', 'rrtype': 'text',
'rrname': 'text', 'rdata': 'text', 'rrname': 'text', 'rdata': 'text',
'time_last': 'datetime'} }
for result in results: for result in results:
pdns_object = MISPObject('passive-dns') pdns_object = MISPObject('passive-dns')
for relation, attribute_type in mapping.items(): for relation, attribute_type in mapping.items():
pdns_object.add_attribute(relation, type=attribute_type, value=result[relation]) pdns_object.add_attribute(relation, result[relation], type=attribute_type)
first_seen = result['time_first']
pdns_object.add_attribute('time_first', first_seen, type='datetime')
pdns_object.first_seen = first_seen
last_seen = result['time_last']
pdns_object.add_attribute('time_last', last_seen, type='datetime')
pdns_object.last_seen = last_seen
pdns_object.add_reference(self.attribute.uuid, 'associated-to') pdns_object.add_reference(self.attribute.uuid, 'associated-to')
self.misp_event.add_object(**pdns_object) self.misp_event.add_object(**pdns_object)