mirror of https://github.com/MISP/misp-modules
add onyphe full module
parent
023c35f5d8
commit
8ae7210aef
|
@ -56,31 +56,33 @@ def handler(q=False):
|
||||||
def handle_domain(api, domain, misperrors):
|
def handle_domain(api, domain, misperrors):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def handle_ip(api, ip, misperrors):
|
def handle_ip(api, ip, misperrors):
|
||||||
result_filtered = {"results": []}
|
result_filtered = {"results": []}
|
||||||
|
|
||||||
r,status_ok = expand_syscan(api,ip,misperrors)
|
r, status_ok = expand_syscan(api, ip, misperrors)
|
||||||
|
|
||||||
|
if status_ok:
|
||||||
|
result_filtered['results'].append(r)
|
||||||
|
else:
|
||||||
|
misperrors['error'] = "Error syscan result"
|
||||||
|
return misperrors
|
||||||
|
|
||||||
|
r, status_ok = expand_datascan(api, misperrors, ip=ip)
|
||||||
|
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].append(r)
|
result_filtered['results'].append(r)
|
||||||
else:
|
else:
|
||||||
return r
|
return r
|
||||||
|
|
||||||
r, status_ok = expand_datascan(api,misperrors, ip=ip)
|
r, status_ok = expand_forward(api, ip, misperrors)
|
||||||
|
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].append(r)
|
result_filtered['results'].append(r)
|
||||||
else:
|
else:
|
||||||
return r
|
return r
|
||||||
|
|
||||||
r, status_ok = expand_forward(api, ip,misperrors)
|
r, status_ok = expand_reverse(api, ip, misperrors)
|
||||||
|
|
||||||
if status_ok:
|
|
||||||
result_filtered['results'].append(r)
|
|
||||||
else:
|
|
||||||
return r
|
|
||||||
|
|
||||||
r, status_ok = expand_reverse(api, ip,misperrors)
|
|
||||||
|
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].append(r)
|
result_filtered['results'].append(r)
|
||||||
|
@ -94,7 +96,7 @@ def expand_syscan(api, ip, misperror):
|
||||||
status_ok = False
|
status_ok = False
|
||||||
r = None
|
r = None
|
||||||
|
|
||||||
return r,status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
def expand_datascan(api, misperror,**kwargs):
|
def expand_datascan(api, misperror,**kwargs):
|
||||||
|
@ -108,14 +110,57 @@ def expand_reverse(api, ip, misperror):
|
||||||
status_ok = False
|
status_ok = False
|
||||||
r = None
|
r = None
|
||||||
|
|
||||||
return r,status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
def expand_forward(api, ip, misperror):
|
def expand_forward(api, ip, misperror):
|
||||||
status_ok = False
|
status_ok = False
|
||||||
r = None
|
r = None
|
||||||
|
|
||||||
return r,status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
|
def expand_pastries(api, misperror, **kwargs):
|
||||||
|
status_ok = False
|
||||||
|
r = []
|
||||||
|
ip = None
|
||||||
|
domain = None
|
||||||
|
result = None
|
||||||
|
urls_pasties = []
|
||||||
|
domains = []
|
||||||
|
ips = []
|
||||||
|
if 'ip' in kwargs:
|
||||||
|
ip = kwargs.get('ip')
|
||||||
|
result = api.pastries(ip)
|
||||||
|
|
||||||
|
if 'domain' in kwargs:
|
||||||
|
domain = kwargs.get('domain')
|
||||||
|
result = api.pastries(domain)
|
||||||
|
|
||||||
|
if result['status'] =='ok':
|
||||||
|
status_ok = True
|
||||||
|
for item in result['results']:
|
||||||
|
if item['@category'] == 'pastries':
|
||||||
|
if item['@type'] == 'pastebin':
|
||||||
|
urls_pasties.append('https://pastebin.com/raw/%s' % item['key'])
|
||||||
|
|
||||||
|
if 'domain' in item:
|
||||||
|
domains.extend(item['domain'])
|
||||||
|
if 'ip' in item:
|
||||||
|
ips.extend(item['ips'])
|
||||||
|
if 'hostname' in item:
|
||||||
|
domains.extend(item['hostname'])
|
||||||
|
|
||||||
|
r.append({'types': ['url'], 'values': urls_pasties,
|
||||||
|
'categories': ['External analysis']})
|
||||||
|
r.append({'types': ['domains'], 'values': list(set(domains)),
|
||||||
|
'categories': ['Network activity']})
|
||||||
|
|
||||||
|
r.append({'types': ['ip-dst'], 'values': list(set(ips)),
|
||||||
|
'categories': ['Network activity']})
|
||||||
|
|
||||||
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
|
||||||
|
|
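Review bot: In expand_pastries the guard and the lookup disagree on the key name: `if 'ip' in item:` is followed by `ips.extend(item['ips'])`, so any Onyphe result that carries `ip` but not `ips` raises KeyError and the whole enrichment fails; whichever field the API actually returns, both lines must name the same key (e.g. `ips.extend(item['ip'])`, to be confirmed against the response schema). `result` is also dereferenced at `if result['status'] =='ok':` while it is only assigned when `ip` or `domain` is present in kwargs, so a call with neither raises TypeError on `None`; a guard such as `if result is not None and result.get('status') == 'ok':` keeps that case on the `status_ok = False` path the function already has. The attribute type `'domains'` in the second `r.append` does not look like a MISP attribute type (`'domain'` is), so MISP would likely reject or ignore those values, while the `url` and `ip-dst` entries use valid types. Finally, `domains.extend(item['domain'])` and its two sibling calls assume the field is a list; if Onyphe returns a plain string, extend() adds it one character at a time, which is worth confirming against the response.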