mirror of https://github.com/MISP/misp-modules
add search
parent
396b71ef3b
commit
87b07b89b5
|
@ -193,12 +193,13 @@ def expand_datascan(api, misperror,**kwargs):
|
||||||
geoloc = []
|
geoloc = []
|
||||||
orgs = []
|
orgs = []
|
||||||
ports = []
|
ports = []
|
||||||
|
|
||||||
if 'ip' in kwargs:
|
if 'ip' in kwargs:
|
||||||
query = kwargs.get('ip')
|
query = kwargs.get('ip')
|
||||||
|
results = api.datascan(query)
|
||||||
else:
|
else:
|
||||||
query = kwargs.get('domain')
|
query = kwargs.get('domain')
|
||||||
|
results = api.search_datascan('domain:%s' % query)
|
||||||
results = api.datascan(query)
|
|
||||||
|
|
||||||
if results['status'] == 'ok':
|
if results['status'] == 'ok':
|
||||||
status_ok = True
|
status_ok = True
|
||||||
|
@ -304,10 +305,10 @@ def expand_pastries(api, misperror, **kwargs):
|
||||||
ips = []
|
ips = []
|
||||||
if 'ip' in kwargs:
|
if 'ip' in kwargs:
|
||||||
query = kwargs.get('ip')
|
query = kwargs.get('ip')
|
||||||
|
result = api.pastries(query)
|
||||||
if 'domain' in kwargs:
|
if 'domain' in kwargs:
|
||||||
query = kwargs.get('domain')
|
query = kwargs.get('domain')
|
||||||
|
result = api.search_pastries('domain:%s' % query)
|
||||||
result = api.pastries(query)
|
|
||||||
|
|
||||||
if result['status'] =='ok':
|
if result['status'] =='ok':
|
||||||
status_ok = True
|
status_ok = True
|
||||||
|
@ -348,10 +349,11 @@ def expand_threatlist(api, misperror,**kwargs):
|
||||||
|
|
||||||
if 'ip' in kwargs:
|
if 'ip' in kwargs:
|
||||||
query = kwargs.get('ip')
|
query = kwargs.get('ip')
|
||||||
|
results = api.threatlist(query)
|
||||||
else:
|
else:
|
||||||
query = kwargs.get('domain')
|
query = kwargs.get('domain')
|
||||||
|
results = api.search_threatlist('domain:%s' % query)
|
||||||
|
|
||||||
results = api.threatlist(query)
|
|
||||||
if results['status'] == 'ok':
|
if results['status'] == 'ok':
|
||||||
status_ok = True
|
status_ok = True
|
||||||
threat_list = ['seen %s on %s ' % (item['seen_date'], item['threatlist'])
|
threat_list = ['seen %s on %s ' % (item['seen_date'], item['threatlist'])
|
||||||
|
|
Loading…
Reference in New Issue