mirror of https://github.com/MISP/misp-modules
removed unused re module
milkmix
parent
ae5747efd5
commit
615a56f9bb
|
|
@ -6,7 +6,6 @@ Config['Period'] : allows to define period over witch to look for IOC from now (
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
import json
|
import json
|
||||||
import re
|
|
||||||
|
|
||||||
misperrors = {"error": "Error"}
|
misperrors = {"error": "Error"}
|
||||||
|
|
||||||
|
|
@ -22,7 +21,6 @@ inputSource = ['event']
|
||||||
outputFileExtension = 'nxql'
|
outputFileExtension = 'nxql'
|
||||||
responseType = 'application/txt'
|
responseType = 'application/txt'
|
||||||
|
|
||||||
|
|
||||||
moduleinfo = {'version': '1.0', 'author': 'Julien Bachmann, Hacknowledge',
|
moduleinfo = {'version': '1.0', 'author': 'Julien Bachmann, Hacknowledge',
|
||||||
'description': 'Nexthink NXQL query export module',
|
'description': 'Nexthink NXQL query export module',
|
||||||
'module-type': ['export']}
|
'module-type': ['export']}
|
||||||
|
|
@ -36,6 +34,7 @@ def handle_sha1(value, period):
|
||||||
''' % (value, period)
|
''' % (value, period)
|
||||||
return query.replace('\n', ' ')
|
return query.replace('\n', ' ')
|
||||||
|
|
||||||
|
|
||||||
def handle_sha256(value, period):
|
def handle_sha256(value, period):
|
||||||
query = '''select ((binary (executable_name version)) (user (name)) (device (name last_ip_address)) (execution (binary_path start_time)))
|
query = '''select ((binary (executable_name version)) (user (name)) (device (name last_ip_address)) (execution (binary_path start_time)))
|
||||||
(from (binary user device execution)
|
(from (binary user device execution)
|
||||||
|
|
@ -45,6 +44,7 @@ def handle_sha256(value, period):
|
||||||
''' % (value, period)
|
''' % (value, period)
|
||||||
return query.replace('\n', ' ')
|
return query.replace('\n', ' ')
|
||||||
|
|
||||||
|
|
||||||
def handle_md5(value, period):
|
def handle_md5(value, period):
|
||||||
query = '''select ((binary (executable_name version)) (user (name)) (device (name last_ip_address)) (execution (binary_path start_time)))
|
query = '''select ((binary (executable_name version)) (user (name)) (device (name last_ip_address)) (execution (binary_path start_time)))
|
||||||
(from (binary user device execution)
|
(from (binary user device execution)
|
||||||
|
|
@ -54,6 +54,7 @@ def handle_md5(value, period):
|
||||||
''' % (value, period)
|
''' % (value, period)
|
||||||
return query.replace('\n', ' ')
|
return query.replace('\n', ' ')
|
||||||
|
|
||||||
|
|
||||||
def handle_domain(value, period):
|
def handle_domain(value, period):
|
||||||
query = '''select ((device name) (device (name last_ip_address)) (user name)(user department) (binary executable_name)(binary application_name)(binary description)(binary application_category)(binary (executable_name version)) (binary #"Suspicious binary")(binary first_seen)(binary last_seen)(binary threat_level)(binary hash) (binary paths)
|
query = '''select ((device name) (device (name last_ip_address)) (user name)(user department) (binary executable_name)(binary application_name)(binary description)(binary application_category)(binary (executable_name version)) (binary #"Suspicious binary")(binary first_seen)(binary last_seen)(binary threat_level)(binary hash) (binary paths)
|
||||||
(destination name)(domain name) (domain domain_category)(domain hosting_country)(domain protocol)(domain threat_level) (port port_number)(web_request incoming_traffic)(web_request outgoing_traffic))
|
(destination name)(domain name) (domain domain_category)(domain hosting_country)(domain protocol)(domain threat_level) (port port_number)(web_request incoming_traffic)(web_request outgoing_traffic))
|
||||||
|
|
@ -64,6 +65,7 @@ def handle_domain(value, period):
|
||||||
''' % (value, period)
|
''' % (value, period)
|
||||||
return query.replace('\n', ' ')
|
return query.replace('\n', ' ')
|
||||||
|
|
||||||
|
|
||||||
handlers = {
|
handlers = {
|
||||||
'sha1': handle_sha1,
|
'sha1': handle_sha1,
|
||||||
'sha256': handle_sha256,
|
'sha256': handle_sha256,
|
||||||
|
|
@ -86,6 +88,7 @@ def handler(q=False):
|
||||||
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
||||||
return r
|
return r
|
||||||
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
modulesetup = {}
|
modulesetup = {}
|
||||||
try:
|
try:
|
||||||
|
|
@ -110,6 +113,7 @@ def introspection():
|
||||||
pass
|
pass
|
||||||
return modulesetup
|
return modulesetup
|
||||||
|
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue