Added a default distribution setting to Objects

pull/499/head
Rambatla Venkat Rao 2021-05-12 18:30:54 +05:30 committed by GitHub
parent 77035a82e0
commit 7aa6b39da8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions

View File

@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries']
DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info' DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
DEFAULT_LIMIT = 10 DEFAULT_LIMIT = 10
org_distribution = '0'
TYPE_TO_FEATURE = { TYPE_TO_FEATURE = {
"btc": "Bitcoin address", "btc": "Bitcoin address",
"dkim": "domainkeys identified mail", "dkim": "domainkeys identified mail",
@ -103,6 +103,7 @@ class FarsightDnsdbParser():
comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value']) comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value'])
for result in results: for result in results:
passivedns_object = MISPObject('passive-dns') passivedns_object = MISPObject('passive-dns')
passivedns_object.distribution = org_distribution
if result.get('rdata') and isinstance(result['rdata'], list): if result.get('rdata') and isinstance(result['rdata'], list):
for rdata in result.pop('rdata'): for rdata in result.pop('rdata'):
passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata)) passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata))
@ -121,7 +122,7 @@ class FarsightDnsdbParser():
return {'results': results} return {'results': results}
def _parse_attribute(self, comment, feature, value): def _parse_attribute(self, comment, feature, value):
attribute = {'value': value, 'comment': comment} attribute = {'value': value, 'comment': comment, 'distribution': org_distribution}
attribute.update(self.passivedns_mapping[feature]) attribute.update(self.passivedns_mapping[feature])
return attribute return attribute