MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add domain expansion

pull/197/head
Sebdraven 2018-06-22 15:57:52 +02:00
parent 96c829470d
commit 83999d6402
1 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
misp_modules/modules/expansion/onyphe_full.py
View File

@ -49,13 +49,36 @@ def handler(q=False):
else: else:
misperrors['error'] = "Unsupported attributes type" misperrors['error'] = "Unsupported attributes type"
return misperrors return misperrors
else: else:
return False return False
def handle_domain(api, domain, misperrors): def handle_domain(api, domain, misperrors):
result_filtered = {"results": []}
r, status_ok = expand_pastries(api, misperrors, domain=domain)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error pastries result'
return misperrors
r, status_ok = expand_datascan(api, misperrors, domain=domain)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error datascan result '
return misperrors
r, status_ok = expand_threatlist(api, misperrors, domain=domain)
if status_ok:
result_filtered['results'].extend(r)
else:
misperrors['error'] = 'Error threat list'
return misperrors
pass pass
@ -271,19 +294,18 @@ def expand_forward(api, ip, misperror):
def expand_pastries(api, misperror, **kwargs): def expand_pastries(api, misperror, **kwargs):
status_ok = False status_ok = False
r = [] r = []
ip = None
domain = None query = None
result = None result = None
urls_pasties = [] urls_pasties = []
domains = [] domains = []
ips = [] ips = []
if 'ip' in kwargs: if 'ip' in kwargs:
ip = kwargs.get('ip') query = kwargs.get('ip')
result = api.pastries(ip)
if 'domain' in kwargs: if 'domain' in kwargs:
domain = kwargs.get('domain') query = kwargs.get('domain')
result = api.pastries(domain)
api.pastries(query)
if result['status'] =='ok': if result['status'] =='ok':
status_ok = True status_ok = True
@ -302,7 +324,7 @@ def expand_pastries(api, misperror, **kwargs):
r.append({'types': ['url'], r.append({'types': ['url'],
'values': urls_pasties, 'values': urls_pasties,
'categories': ['External analysis'], 'categories': ['External analysis'],
'comment':'URLs of pasties where %s has found' % ip}) 'comment':'URLs of pasties where %s has found' % query})
r.append({'types': ['domain'], 'values': list(set(domains)), r.append({'types': ['domain'], 'values': list(set(domains)),
'categories': ['Network activity'], 'categories': ['Network activity'],
'comment': 'Domains found in pasties of Onyphe'}) 'comment': 'Domains found in pasties of Onyphe'})