MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Outputting xml format 

Also mapping MISP and GoAML types
pull/163/head
chrisr3d 2018-02-01 14:55:48 +01:00
parent 48869335ee
commit 8dce7935ae
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 61 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
misp_modules/modules/export_mod/goaml.py
View File

@ -1,5 +1,5 @@
import json
import pymisp
from pymisp import MISPEvent
import base64
misperrors = {'error': 'Error'}
@ -8,15 +8,29 @@ moduleinfo = {'version': '1', 'author': 'Christian Studer',
'module-type': ['export']}
moduleconfig = []
mispattributes = {}
outputFileExtension = "xml"
responseType = "application/xml"
objects_to_parse = ['bank-account', 'person']
goAMLmapping = {'bank-account': 't_account', 'text': 'institution_name', 'institution-code': 'institution_code',
'swift': 'swift', 'branch': 'branch', 'non-banking-institution': 'non_bank_institution',
'account': 'account', 'currency-code': 'currency_code', 'account-name': 'account_name',
'iban': 'iban', 'client-number': 'client_number', 'personal-account-type': 'personal_account_type',
'opened': 'opened', 'closed': 'closed', 'balance': 'balance', 'status-code': 'status_code',
'beneficiary': 'beneficiary', 'beneficiary-comment': 'beneficiary_comment', 'comments': 'comments',
'person': 't_person', 'text': 'comments', 'first-name': 'first_name', 'middle-name': 'middle_name',
'last-name': 'last_name', 'mothers-name': 'mothers_name', 'title': 'title', 'alias': 'alias',
'date-of-birth': 'birthdate', 'place-of-birth': 'birth_place', 'gender': 'gender',
'passport-number': 'passport_number', 'passport-country': 'passport_country',
'social-security-number': 'ssn', 'nationality': 'nationality1'}
class GoAmlGeneration():
def __init__(self):
self.document = {}
def from_event(self, event):
self.misp_event = pymisp.MISPEvent()
self.misp_event = MISPEvent()
self.misp_event.load(event)
def parse_objects(self):
@ -27,6 +41,27 @@ class GoAmlGeneration():
obj_dict[attribute.object_relation] = attribute.value
self.document[obj.name] = obj_dict
def build_xml(self):
self.xml = "<report>"
if 'bank-account' in self.document:
if 'report-code' in self.document['bank-account']:
self.xml += "<report_code>{}</report_code>".format(self.document['bank-account'].pop('report-code').split(' ')[0])
for a in ('personal-account-type', 'status-code'):
if a in self.document['bank-account']:
self.document['bank-account'][a] = self.document['bank-account'][a].split(' - ')[0]
self.itterate()
self.xml += "</report>"
def itterate(self):
for t in self.document:
self.xml += "<{}>".format(goAMLmapping[t])
for k in self.document[t]:
try:
self.xml += "<{0}>{1}</{0}>".format(goAMLmapping[k], self.document[t][k])
except KeyError:
pass
self.xml += "</{}>".format(goAMLmapping[t])
def handler(q=False):
if q is False:
return False
@ -36,11 +71,33 @@ def handler(q=False):
exp_doc = GoAmlGeneration()
exp_doc.from_event(request['data'][0])
exp_doc.parse_objects()
return {'response': {}, 'data': exp_doc.document}
exp_doc.build_xml()
return {'response': {}, 'data': exp_doc.xml}
#return {'response': [], 'data': str(base64.b64encode(bytes(exp_doc.document, 'utf-8')), 'utf-8')}
def introspection():
return
modulesetup = {}
try:
responseType
modulesetup['responseType'] = responseType
except NameError:
pass
try:
userConfig
modulesetup['userConfig'] = userConfig
except NameError:
pass
try:
outputFileExtension
modulesetup['outputFileExtension'] = outputFileExtension
except NameError:
pass
try:
inputSource
mmoduleSetup['inputSource'] = inputSource
except NameError:
pass
return modulesetup
def version():
moduleinfo['config'] = moduleconfig