added client metatag to trustar client

3 years ago · 68b4fbba09
parent 341a569de5
commit 68b4fbba09
2 changed files with 12 additions and 0 deletions
--- a/doc/expansion/trustar_enrich.json
+++ b/doc/expansion/trustar_enrich.json
@ -0,0 +1,8 @@
+{
+    "description": "Module to get information from ThreatMiner.",
+    "logo": "logos/threatminer.png",
+    "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
+    "output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
+    "references": ["https://www.threatminer.org/"],
+    "features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
+}
--- a/misp_modules/modules/expansion/trustar_enrich.py
+++ b/misp_modules/modules/expansion/trustar_enrich.py
@ -1,4 +1,5 @@
 import json
+import pymisp
 from pymisp import MISPAttribute, MISPEvent, MISPObject
 from trustar import TruStar

@ -32,8 +33,11 @@ class TruSTARParser:

    REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"

+    CLIENT_METATAG = "TruSTAR-MISP-{}".format(pymisp.__version__)
+
    def __init__(self, attribute, config):
        config['enclave_ids'] = config.get('enclave_ids', "").split(',')
+        config['client_metatag'] = self.CLIENT_METATAG
        self.ts_client = TruStar(config=config)

        self.misp_event = MISPEvent()