mirror of https://github.com/MISP/misp-modules
added client metatag to trustar client
parent
341a569de5
commit
68b4fbba09
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"description": "Module to get information from ThreatMiner.",
|
||||
"logo": "logos/threatminer.png",
|
||||
"input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
|
||||
"output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
|
||||
"references": ["https://www.threatminer.org/"],
|
||||
"features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
import json
|
||||
import pymisp
|
||||
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||
from trustar import TruStar
|
||||
|
||||
|
@ -32,8 +33,11 @@ class TruSTARParser:
|
|||
|
||||
REPORT_BASE_URL = "https://station.trustar.co/constellation/reports/{}"
|
||||
|
||||
CLIENT_METATAG = "TruSTAR-MISP-{}".format(pymisp.__version__)
|
||||
|
||||
def __init__(self, attribute, config):
|
||||
config['enclave_ids'] = config.get('enclave_ids', "").split(',')
|
||||
config['client_metatag'] = self.CLIENT_METATAG
|
||||
self.ts_client = TruStar(config=config)
|
||||
|
||||
self.misp_event = MISPEvent()
|
||||
|
|
Loading…
Reference in New Issue