From 8de350744b86f7ddcddfaedb8be65af6c973e02b Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Tue, 16 Jul 2019 22:39:35 +0200
Subject: [PATCH] chg: Getting domain siblings attributes uuid for further
 references

---
 misp_modules/modules/expansion/virustotal_public.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/misp_modules/modules/expansion/virustotal_public.py b/misp_modules/modules/expansion/virustotal_public.py
index 0d50a86..6e5a58d 100644
--- a/misp_modules/modules/expansion/virustotal_public.py
+++ b/misp_modules/modules/expansion/virustotal_public.py
@@ -79,10 +79,15 @@ class DomainQuery(VirusTotalParser):
             whois_object = MISPObject(whois)
             whois_object.add_attribute('text', type='text', value=query_result[whois])
             self.misp_event.add_object(**whois_object)
+        siblings = (self.parse_siblings(domain) for domain in query_result['domain_siblings'])
         self.parse_resolutions(query_result['resolutions'], query_result['subdomains'])
         self.parse_urls(query_result)
-        for domain in query_result['domain_siblings']:
-            self.misp_event.add_attribute('domain', domain)
+
+    def parse_siblings(domain):
+        attribute = MISPAttribute()
+        attribute.from_dict(dict(type='domain', value=domain))
+        self.misp_event.add_attribute(**attribute)
+        return attribute.uuid
 
 
 class HashQuery(VirusTotalParser):