From 50bae1f549c55a90ac7da0ef259d2eac05e70c29 Mon Sep 17 00:00:00 2001
From: Richard van den Berg
Date: Wed, 28 Sep 2016 15:45:01 +0200
Subject: [PATCH 1/2] Simple import module to import MISP JSON format
---
 misp_modules/modules/import_mod/__init__.py | 2 +-
 misp_modules/modules/import_mod/mispjson.py | 61 +++++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100755 misp_modules/modules/import_mod/mispjson.py
diff --git a/misp_modules/modules/import_mod/__init__.py b/misp_modules/modules/import_mod/__init__.py
index 82505d9..fd5d539 100644
--- a/misp_modules/modules/import_mod/__init__.py
+++ b/misp_modules/modules/import_mod/__init__.py
@@ -1,3 +1,3 @@
 from . import _vmray
-__all__ = ['vmray_import', 'testimport', 'ocr', 'stiximport', 'cuckooimport', 'email_import']
+__all__ = ['vmray_import', 'testimport', 'ocr', 'stiximport', 'cuckooimport', 'email_import', 'mispjson']
diff --git a/misp_modules/modules/import_mod/mispjson.py b/misp_modules/modules/import_mod/mispjson.py
new file mode 100755
index 0000000..628d3f0
--- /dev/null
+++ b/misp_modules/modules/import_mod/mispjson.py
@@ -0,0 +1,61 @@
+import json
+import base64
+
+misperrors = {'error': 'Error'}
+userConfig = { };
+
+inputSource = ['file']
+
+moduleinfo = {'version': '0.1', 'author': 'Richard van den Berg',
+ 'description': 'MISP JSON format import module for MISP',
+ 'module-type': ['import']}
+
+moduleconfig = []
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ r = {'results': []}
+ request = json.loads(q)
+ try:
+ mfile = base64.b64decode(request["data"]).decode('utf-8')
+ misp = json.loads(mfile)
+ event = misp['response'][0]['Event']
+ for a in event["Attribute"]:
+ tmp = {}
+ tmp["values"] = a["value"]
+ tmp["categories"] = a["category"]
+ tmp["types"] = a["type"]
+ tmp["to_ids"] = a["to_ids"]
+ tmp["comment"] = a["comment"]
+ if a.get("data"):
+ tmp["data"] = a["data"]
+ r['results'].append(tmp)
+ except:
+ pass
+ return r
+
+def introspection():
+ modulesetup = {}
+ try:
+ userConfig
+ modulesetup['userConfig'] = userConfig
+ except NameError:
+ pass
+ try:
+ inputSource
+ modulesetup['inputSource'] = inputSource
+ except NameError:
+ pass
+ return modulesetup
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
+
+if __name__ == '__main__':
+ x = open('test.json', 'r')
+ r = handler(q=x.read())
+ print(json.dumps(r))
From 3a4c540a81bbb36c45b50e98cb71ce14a441fe5b Mon Sep 17 00:00:00 2001
From: Richard van den Berg
Date: Wed, 11 Jan 2017 09:45:57 +0100
Subject: [PATCH 2/2] Updated description to reflect merging use case
---
 misp_modules/modules/import_mod/mispjson.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misp_modules/modules/import_mod/mispjson.py b/misp_modules/modules/import_mod/mispjson.py
index 628d3f0..f9d52ec 100755
--- a/misp_modules/modules/import_mod/mispjson.py
+++ b/misp_modules/modules/import_mod/mispjson.py
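Review bot: The bare `except: pass` around the parsing loop in `handler` makes every failure silent: invalid base64, non-JSON content, an export without `response[0]['Event']`, or a single attribute lacking `comment` all return an empty or partially filled `results` list with no error, so a truncated import looks like a successful one. `misperrors` is defined at the top of the file but never used; the handler should catch the expected exceptions and report them, e.g. `except (KeyError, IndexError, TypeError, ValueError) as e:` followed by `misperrors['error'] = 'Unable to parse MISP JSON: {}'.format(e)` and `return misperrors`. `json.loads(q)` sits outside the `try`, so a malformed request raises instead of being reported; moving it inside would make the two paths consistent. The uploaded file is untrusted input and `to_ids` is copied from it unchanged, so a comment such as `# to_ids is taken from the imported file as-is; review before it feeds detection` would help whoever merges events with this module.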
@@ -7,7 +7,7 @@ userConfig = { };
 inputSource = ['file']
 moduleinfo = {'version': '0.1', 'author': 'Richard van den Berg',
- 'description': 'MISP JSON format import module for MISP',
+ 'description': 'MISP JSON format import module for merging MISP events',
 'module-type': ['import']}
 moduleconfig = []