From 87b07b89b54ec1e569f14e1e2e29f4f5de18f2e9 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Fri, 22 Jun 2018 16:15:34 +0200
Subject: [PATCH] add search
---
 misp_modules/modules/expansion/onyphe_full.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/misp_modules/modules/expansion/onyphe_full.py b/misp_modules/modules/expansion/onyphe_full.py
index bde4d4a..6ac4750 100644
--- a/misp_modules/modules/expansion/onyphe_full.py
+++ b/misp_modules/modules/expansion/onyphe_full.py
@@ -193,12 +193,13 @@ def expand_datascan(api, misperror,**kwargs):
 geoloc = []
 orgs = []
 ports = []
+
 if 'ip' in kwargs:
 query = kwargs.get('ip')
+ results = api.datascan(query)
 else:
 query = kwargs.get('domain')
-
- results = api.datascan(query)
+ results = api.search_datascan('domain:%s' % query)
 if results['status'] == 'ok':
 status_ok = True
@@ -304,10 +305,10 @@ def expand_pastries(api, misperror, **kwargs):
 ips = []
 if 'ip' in kwargs:
 query = kwargs.get('ip')
+ result = api.pastries(query)
 if 'domain' in kwargs:
 query = kwargs.get('domain')
-
- result = api.pastries(query)
+ result = api.search_pastries('domain:%s' % query)
 if result['status'] =='ok':
 status_ok = True
@@ -348,10 +349,11 @@ def expand_threatlist(api, misperror,**kwargs):
 if 'ip' in kwargs:
 query = kwargs.get('ip')
+ results = api.threatlist(query)
 else:
 query = kwargs.get('domain')
+ results = api.search_threatlist('domain:%s' % query)
- results = api.threatlist(query)
 if results['status'] == 'ok':
 status_ok = True
 threat_list = ['seen %s on %s ' % (item['seen_date'], item['threatlist'])
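Review bot: In the `else` branch of `expand_datascan` the value of `kwargs.get('domain')` is formatted straight into the search expression, `api.search_datascan('domain:%s' % query)`, with no check on what it contains; `api.search_threatlist('domain:%s' % query)` in the `expand_threatlist` hunk has the same shape. When neither key is present `query` is `None`, so the module sends the literal query `domain:None`, and a value containing whitespace or a further `field:value` term would presumably be read by the service as extra filters rather than as a domain. I would change the branch to `elif 'domain' in kwargs:` and reject anything that is not a plain hostname before building the string, for example `if not query or not re.fullmatch(r'[A-Za-z0-9._-]+', query):` followed by the module's usual error path. Both functions start and end outside their hunks, so how an error is reported through `misperror`, and whether `re` is already imported, is not visible here.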
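Review bot: `expand_pastries` tests `'ip'` and `'domain'` with two independent `if` statements, so with the API calls moved into the branches a request carrying both keys runs `api.pastries(query)` and then throws its result away for `api.search_pastries(...)`, spending a second request against the API key for nothing. A request carrying neither key reaches `if result['status'] =='ok':` with `result` never assigned and raises UnboundLocalError. The other two functions touched by this commit use `if`/`else`; here `elif 'domain' in kwargs:` plus an explicit `else:` that reports the missing input would remove both cases. The function body continues outside the hunk, so the right way to report that error is not visible here.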