From fe778dd57616616e0fb0a46b025e3110fc1b76b8 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 11 May 2023 15:18:26 +0200 Subject: [PATCH 1/3] fix: [crowdsec] set default version and expansion added --- misp_modules/modules/expansion/crowdsec.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/crowdsec.py b/misp_modules/modules/expansion/crowdsec.py index 4432c4ef..064e08c8 100644 --- a/misp_modules/modules/expansion/crowdsec.py +++ b/misp_modules/modules/expansion/crowdsec.py @@ -4,12 +4,12 @@ from pymisp import MISPEvent, MISPObject import pycountry import requests -mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"]} +mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"], 'format': 'misp_standard'} moduleinfo = { "version": "1.0", "author": "Shivam Sandbhor ", "description": "Module to access CrowdSec CTI API.", - "module-type": ["hover"], + "module-type": ["hover", "expansion"], } moduleconfig = ["api_key", "api_version"] @@ -26,7 +26,8 @@ def handler(q=False): return {"error": "Missing CrowdSec API key"} if not request["config"].get("api_version"): - return {"error": "Missing CrowdSec API version parameter"} + else: + request["config"] = "v2" if request["config"]["api_version"] == "v2": return _handler_v2(request) @@ -43,7 +44,7 @@ def _handler_v2(request_data): f"https://cti.api.crowdsec.net/v2/smoke/{ip}", headers={ "x-api-key": request_data["config"]["api_key"], - "User-Agent": "crowdsec-misp/v1.0.0", + "User-Agent": "crowdsec-misp/v1.0.0", }, ) crowdsec_cti.raise_for_status() From 337dcf7acb4fda550fc7c0f057bd6ab1631a5463 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 11 May 2023 15:21:31 +0200 Subject: [PATCH 2/3] fix: [crowdsec] version 2 --- misp_modules/modules/expansion/crowdsec.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/crowdsec.py b/misp_modules/modules/expansion/crowdsec.py index 064e08c8..42d93fc6 100644 --- a/misp_modules/modules/expansion/crowdsec.py +++ b/misp_modules/modules/expansion/crowdsec.py @@ -25,9 +25,7 @@ def handler(q=False): if not request["config"].get("api_key"): return {"error": "Missing CrowdSec API key"} - if not request["config"].get("api_version"): - else: - request["config"] = "v2" + request["config"]["api_version"] = "v2" if request["config"]["api_version"] == "v2": return _handler_v2(request) From 98b766cbdcaf5abd2e7ac2fa7e94261a689d717d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 11 May 2023 15:25:34 +0200 Subject: [PATCH 3/3] fix: [crowdsec] more need to be fully supporting MISP standard format --- misp_modules/modules/expansion/crowdsec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/crowdsec.py b/misp_modules/modules/expansion/crowdsec.py index 42d93fc6..3620b250 100644 --- a/misp_modules/modules/expansion/crowdsec.py +++ b/misp_modules/modules/expansion/crowdsec.py @@ -4,7 +4,7 @@ from pymisp import MISPEvent, MISPObject import pycountry import requests -mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"], 'format': 'misp_standard'} +mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"]} moduleinfo = { "version": "1.0", "author": "Shivam Sandbhor ",