
added client metatag to trustar client

pull/409/head
Jesse Hedden 1 year ago
parent
commit
68b4fbba09
  1. 8
      doc/expansion/trustar_enrich.json
  2. 4
      misp_modules/modules/expansion/trustar_enrich.py

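--- a/doc/expansion/trustar_enrich.json
+++ b/doc/expansion/trustar_enrich.json
@@ -0,0 +1,8 @@
+{
+"description": "Module to get information from ThreatMiner.",
+"logo": "logos/threatminer.png",
+"input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
+"output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
+"references": ["https://www.threatminer.org/"],
+"features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
+}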

4
misp_modules/modules/expansion/trustar_enrich.py

@ -1,4 +1,5 @@
import json
import pymisp
from pymisp import MISPAttribute, MISPEvent, MISPObject
from trustar import TruStar
@ -32,8 +33,11 @@ class TruSTARParser:
REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"
CLIENT_METATAG = "TruSTAR-MISP-{}".format(pymisp.__version__)
def __init__(self, attribute, config):
config['enclave_ids'] = config.get('enclave_ids', "").split(',')
config['client_metatag'] = self.CLIENT_METATAG
self.ts_client = TruStar(config=config)
self.misp_event = MISPEvent()
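Review bot: `__init__` writes `client_metatag` into the caller's `config` dict in place, next to the `enclave_ids` rewrite, so a dict reused for a second `TruSTARParser` would already hold a list under `enclave_ids` and fail on `.split(',')`. Working on a copy avoids that: `config = dict(config)` as the first statement of `__init__`. The assignment also silently replaces any `client_metatag` the caller supplied, and because the tag is built from `pymisp.__version__` it reports the PyMISP library version rather than the MISP or misp-modules version. A comment on `CLIENT_METATAG` such as `# Passed to the TruStar client to identify this integration; carries the installed PyMISP version` would make that disclosure to the third-party service explicit. The +/- markers are lost on this page, so which lines are new is inferred from the commit title and hunk counts, and `__init__` continues past the hunk.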
