added client metatag to trustar client

pull/409/head
Jesse Hedden 2020-06-22 12:15:28 -07:00
parent 341a569de5
commit 68b4fbba09
2 changed files with 12 additions and 0 deletions

View File

@ -0,0 +1,8 @@
{
"description": "Module to get information from ThreatMiner.",
"logo": "logos/threatminer.png",
"input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
"output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
"references": ["https://www.threatminer.org/"],
"features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
}

View File

@ -1,4 +1,5 @@
import json import json
import pymisp
from pymisp import MISPAttribute, MISPEvent, MISPObject from pymisp import MISPAttribute, MISPEvent, MISPObject
from trustar import TruStar from trustar import TruStar
@ -32,8 +33,11 @@ class TruSTARParser:
REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}" REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"
CLIENT_METATAG = "TruSTAR-MISP-{}".format(pymisp.__version__)
def __init__(self, attribute, config): def __init__(self, attribute, config):
config['enclave_ids'] = config.get('enclave_ids', "").split(',') config['enclave_ids'] = config.get('enclave_ids', "").split(',')
config['client_metatag'] = self.CLIENT_METATAG
self.ts_client = TruStar(config=config) self.ts_client = TruStar(config=config)
self.misp_event = MISPEvent() self.misp_event = MISPEvent()