From 68b4fbba0960fc732180302ceecc4c726d7d2083 Mon Sep 17 00:00:00 2001
From: Jesse Hedden
Date: Mon, 22 Jun 2020 12:15:28 -0700
Subject: [PATCH] added client metatag to trustar client
---
 doc/expansion/trustar_enrich.json | 8 ++++++++
 misp_modules/modules/expansion/trustar_enrich.py | 4 ++++
 2 files changed, 12 insertions(+)
 create mode 100644 doc/expansion/trustar_enrich.json
diff --git a/doc/expansion/trustar_enrich.json b/doc/expansion/trustar_enrich.json
new file mode 100644
index 0000000..d2f26bd
--- /dev/null
+++ b/doc/expansion/trustar_enrich.json
@@ -0,0 +1,8 @@
+{
+ "description": "Module to get information from ThreatMiner.",
+ "logo": "logos/threatminer.png",
+ "input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
+ "output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
+ "references": ["https://www.threatminer.org/"],
+ "features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
+}
diff --git a/misp_modules/modules/expansion/trustar_enrich.py b/misp_modules/modules/expansion/trustar_enrich.py
index 38f5d16..db589fc 100644
--- a/misp_modules/modules/expansion/trustar_enrich.py
+++ b/misp_modules/modules/expansion/trustar_enrich.py
@@ -1,4 +1,5 @@
 import json
+import pymisp
 from pymisp import MISPAttribute, MISPEvent, MISPObject
 from trustar import TruStar
@@ -32,8 +33,11 @@ class TruSTARParser:
 REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"
+ CLIENT_METATAG = "TruSTAR-MISP-{}".format(pymisp.__version__)
+
 def __init__(self, attribute, config):
 config['enclave_ids'] = config.get('enclave_ids', "").split(',')
+ config['client_metatag'] = self.CLIENT_METATAG
 self.ts_client = TruStar(config=config)
 self.misp_event = MISPEvent()
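Review bot: The added `config['client_metatag'] = self.CLIENT_METATAG` writes into the dict the caller passed in, as the `enclave_ids` line above it already does, so the caller's config object leaves `__init__` modified. Unless a caller relies on that, working on a copy (`config = dict(config)` as the first statement of `__init__`) keeps the side effect local. The tag is built from `pymisp.__version__`, so the value handed to the TruSTAR client, and presumably sent to the service, names the installed PyMISP library version rather than a MISP or module version. A comment on the constant such as `# Client identifier passed to TruSTAR; discloses the installed PyMISP version` would make that visible to operators. `__init__` may continue past the end of this hunk.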