MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add comment of attributes

pull/197/head
Sebdraven 2018-06-20 15:05:00 +02:00
parent 7eba7c0386
commit 915747073a
1 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
misp_modules/modules/expansion/onyphe_full.py
View File

@ -115,23 +115,32 @@ def expand_syscan(api, ip, misperror):
os_target = elem['os'] os_target = elem['os']
geoloc.append(elem['location']) geoloc.append(elem['location'])
orgs.append(elem['organization']) orgs.append(elem['organization'])
if os_target != 'Unknown': if os_target != 'Unknown' and os_target != 'Undefined':
os_list.append(elem['os']) os_list.append(elem['os'])
r.append({'types': ['target-machine'], r.append({'types': ['target-machine'],
'values': list(set(os_list)), 'values': list(set(os_list)),
'categories': ['Targeting data']}) 'categories': ['Targeting data'],
'comment':'OS found on %s with synscan of Onyphe' % ip})
r.append({'types': ['target-location'], r.append({'types': ['target-location'],
'values': list(set(geoloc)), 'values': list(set(geoloc)),
'categories': ['Targeting data']}) 'categories': ['Targeting data'],
'comment': 'geolocalisation of %s found with synscan of Onyphe'
% ip
})
r.append({'types': ['target-org'], r.append({'types': ['target-org'],
'values': list(set(orgs)), 'values': list(set(orgs)),
'categories': ['Targeting data']}) 'categories': ['Targeting data'],
'comment': 'Organisations of %s found with synscan of Onyphe'
})
r.append({'types': ['AS'], 'values': list(set(asn_list)), r.append({'types': ['AS'],
'categories': ['Network activity']}) 'values': list(set(asn_list)),
'categories': ['Network activity'],
'comment': 'As number of %s found with synscan of Onyphe'
})
return r, status_ok return r, status_ok
@ -191,10 +200,12 @@ def expand_pastries(api, misperror, **kwargs):
r.append({'types': ['url'], 'values': urls_pasties, r.append({'types': ['url'], 'values': urls_pasties,
'categories': ['External analysis']}) 'categories': ['External analysis']})
r.append({'types': ['domain'], 'values': list(set(domains)), r.append({'types': ['domain'], 'values': list(set(domains)),
'categories': ['Network activity']}) 'categories': ['Network activity'],
'comment': 'domains found in pasties of Onyphe'})
r.append({'types': ['ip-dst'], 'values': list(set(ips)), r.append({'types': ['ip-dst'], 'values': list(set(ips)),
'categories': ['Network activity']}) 'categories': ['Network activity'],
'comment': 'IPs found in pasties of Onyphe'})
return r, status_ok return r, status_ok