From 7aa6b39da82bb39b9a2e00a6903e7588a3d881eb Mon Sep 17 00:00:00 2001
From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com>
Date: Wed, 12 May 2021 18:30:54 +0530
Subject: [PATCH 1/3] Added a default distribution setting to Objects
---
 misp_modules/modules/expansion/farsight_passivedns.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py
index 47e7eaa..ff877a1 100755
--- a/misp_modules/modules/expansion/farsight_passivedns.py
+++ b/misp_modules/modules/expansion/farsight_passivedns.py
@@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries']
 DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
 DEFAULT_LIMIT = 10
-
+org_distribution = '0'
 TYPE_TO_FEATURE = {
 "btc": "Bitcoin address",
 "dkim": "domainkeys identified mail",
@@ -103,6 +103,7 @@ class FarsightDnsdbParser():
 comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value'])
 for result in results:
 passivedns_object = MISPObject('passive-dns')
+ passivedns_object.distribution = org_distribution
 if result.get('rdata') and isinstance(result['rdata'], list):
 for rdata in result.pop('rdata'):
 passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata))
@@ -121,7 +122,7 @@ class FarsightDnsdbParser():
 return {'results': results}
 def _parse_attribute(self, comment, feature, value):
- attribute = {'value': value, 'comment': comment}
+ attribute = {'value': value, 'comment': comment, 'distribution': org_distribution}
 attribute.update(self.passivedns_mapping[feature])
 return attribute
From f6c0f6826330bf18705ec24c86b744b72d64df53 Mon Sep 17 00:00:00 2001
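Review bot: In the third hunk of patch 1/3, `_parse_attribute` sets `'distribution'` before calling `attribute.update(self.passivedns_mapping[feature])`, so a mapping entry that ever carries its own `distribution` key would silently replace the restrictive default. The contents of `passivedns_mapping` are defined outside these hunks, so this may not happen today, but the sharing restriction should not depend on that. Assigning it after the merge makes the intent hold regardless: `attribute['distribution'] = org_distribution` placed just before `return attribute`. The object-level assignment in the second hunk is not affected, since it is set directly on `passivedns_object`.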
From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com>
Date: Wed, 12 May 2021 18:38:55 +0530
Subject: [PATCH 2/3] Default distribution setting to DNSDB Objects
---
 misp_modules/modules/expansion/farsight_passivedns.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py
index ff877a1..3167f4c 100755
--- a/misp_modules/modules/expansion/farsight_passivedns.py
+++ b/misp_modules/modules/expansion/farsight_passivedns.py
@@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries']
 DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
 DEFAULT_LIMIT = 10
-org_distribution = '0'
+DEFAULT_DISTRIBUTION_SETTING = '0'
 TYPE_TO_FEATURE = {
 "btc": "Bitcoin address",
 "dkim": "domainkeys identified mail",
@@ -103,7 +103,7 @@ class FarsightDnsdbParser():
 comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value'])
 for result in results:
 passivedns_object = MISPObject('passive-dns')
- passivedns_object.distribution = org_distribution
+ passivedns_object.distribution = DEFAULT_DISTRIBUTION_SETTING
 if result.get('rdata') and isinstance(result['rdata'], list):
 for rdata in result.pop('rdata'):
 passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata))
@@ -122,7 +122,7 @@ class FarsightDnsdbParser():
 return {'results': results}
 def _parse_attribute(self, comment, feature, value):
- attribute = {'value': value, 'comment': comment, 'distribution': org_distribution}
+ attribute = {'value': value, 'comment': comment, 'distribution': DEFAULT_DISTRIBUTION_SETTING}
 attribute.update(self.passivedns_mapping[feature])
 return attribute
From 6a731454f1309e5d71b1bb131c31982ea6f80f74 Mon Sep 17 00:00:00 2001
From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com>
Date: Wed, 12 May 2021 21:42:25 +0530
Subject: [PATCH 3/3] Updated Distribution Constant
---
 misp_modules/modules/expansion/farsight_passivedns.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py
index 3167f4c..7cf6f66 100755
--- a/misp_modules/modules/expansion/farsight_passivedns.py
+++ b/misp_modules/modules/expansion/farsight_passivedns.py
@@ -2,7 +2,7 @@ import dnsdb2
 import json
 from . import check_input_attribute, standard_error_message
 from datetime import datetime
-from pymisp import MISPEvent, MISPObject
+from pymisp import MISPEvent, MISPObject, Distribution
 misperrors = {'error': 'Error'}
 standard_query_input = [
@@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries']
 DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
 DEFAULT_LIMIT = 10
-DEFAULT_DISTRIBUTION_SETTING = '0'
+DEFAULT_DISTRIBUTION_SETTING = Distribution.your_organisation_only.value
 TYPE_TO_FEATURE = {
 "btc": "Bitcoin address",
 "dkim": "domainkeys identified mail",
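Review bot: In the second hunk of patch 3/3, `DEFAULT_DISTRIBUTION_SETTING` has no comment saying what the level means or that it is applied to both the passive-dns objects and their attributes. I would add above it `# Restrict DNSDB enrichment results to the creating organisation (applied to objects and attributes).` and restore the blank line before `TYPE_TO_FEATURE` that patch 1/3 removed. The value is also fixed in code rather than read from `moduleconfig`, so an operator cannot choose a different level; if that is deliberate, the comment is the place to say so.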