MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Update yeti.py 

add file to add in attribute
pull/488/head
Sebdraven 2021-04-20 10:41:44 +02:00
parent 5d80b79bc4
commit 8ea3d5c5c7
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
misp_modules/modules/expansion/yeti.py
View File

@ -25,7 +25,7 @@ class Yeti():
def __init__(self, url, key,attribute): def __init__(self, url, key,attribute):
self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url', self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url',
'AutonomousSystem': 'AS'} 'AutonomousSystem': 'AS', 'File': 'sha256'}
self.yeti_client = pyeti.YetiApi(url=url, api_key=key) self.yeti_client = pyeti.YetiApi(url=url, api_key=key)
self.attribute = attribute self.attribute = attribute
self.misp_event = MISPEvent() self.misp_event = MISPEvent()
@ -90,7 +90,12 @@ class Yeti():
try: try:
type_attr = self.misp_mapping[obs_to_add['type']] type_attr = self.misp_mapping[obs_to_add['type']]
attr = self.misp_event.add_attribute(value=obs_to_add['value'], type=type_attr) value = None
if obs_to_add['type'] == 'File':
value = obs_to_add['value'].split(':')[1]
else:
value = obs_to_add['value']
attr = self.misp_event.add_attribute(value=value, type=type_attr)
except KeyError: except KeyError:
logging.error('type not found %s' % obs_to_add['type']) logging.error('type not found %s' % obs_to_add['type'])
return return