mirror of https://github.com/MISP/misp-modules
parent
9364859ce9
commit
94f6af8882
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from pymisp import MISPEvent
|
from pymisp import MISPEvent, MISPObject
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from onyphe import Onyphe
|
from onyphe import Onyphe
|
||||||
|
@ -31,14 +31,46 @@ class OnypheClient:
|
||||||
self.misp_event = MISPEvent()
|
self.misp_event = MISPEvent()
|
||||||
self.misp_event.add_attribute(**attribute)
|
self.misp_event.add_attribute(**attribute)
|
||||||
|
|
||||||
def parser_results(self):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def get_results(self):
|
def get_results(self):
|
||||||
event = json.loads(self.misp_event.to_json())
|
event = json.loads(self.misp_event.to_json())
|
||||||
results = {key: event[key] for key in ('Attribute', 'Object') if key in event}
|
results = {key: event[key] for key in ('Attribute', 'Object') if key in event}
|
||||||
return results
|
return results
|
||||||
|
|
||||||
|
def get_query_onyphe(self):
|
||||||
|
if self.attribute['type'] == 'ip-src' and self.attribute['type'] =='ip-dst':
|
||||||
|
self.__summary_ip()
|
||||||
|
|
||||||
|
def __summary_ip(self):
|
||||||
|
results = self.onyphe_client.summary_ip(self.attribute['value'])
|
||||||
|
if 'results' in results:
|
||||||
|
for r in results['results']:
|
||||||
|
domain = r['domain']
|
||||||
|
if type(domain) == list:
|
||||||
|
for d in domain:
|
||||||
|
self.__get_object_domain_ip(d, 'domain')
|
||||||
|
elif type(domain) == str:
|
||||||
|
self.__get_object_domain_ip(domain, 'domain')
|
||||||
|
|
||||||
|
def __get_object_domain_ip(self, obs, relation):
|
||||||
|
objet_domain_ip = MISPObject('domain-ip')
|
||||||
|
objet_domain_ip.add_attribute(relation, obs)
|
||||||
|
relation_attr = self.__get_relation_attribute()
|
||||||
|
if relation_attr:
|
||||||
|
objet_domain_ip.add_attribute(relation, self.attribute['value'])
|
||||||
|
objet_domain_ip.add_reference(self.attribute['uuid'], 'related-to')
|
||||||
|
self.misp_event.add_object(objet_domain_ip)
|
||||||
|
|
||||||
|
def __get_relation_attribute(self):
|
||||||
|
|
||||||
|
if self.attribute['type'] == 'ip-src':
|
||||||
|
return 'ip'
|
||||||
|
elif self.attribute['type'] == 'ip-dest':
|
||||||
|
return 'ip'
|
||||||
|
elif self.attribute['type'] == 'domain':
|
||||||
|
return 'domain'
|
||||||
|
elif self.attribute['type'] == 'hostname':
|
||||||
|
return 'domain'
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
if q:
|
if q:
|
||||||
|
@ -50,6 +82,13 @@ def handler(q=False):
|
||||||
misperrors['error'] = 'Onyphe authentication is missing'
|
misperrors['error'] = 'Onyphe authentication is missing'
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
||||||
|
api_key = request['config'].get('apikey')
|
||||||
|
|
||||||
|
onyphe_client = OnypheClient(api_key, attribute)
|
||||||
|
onyphe_client.get_query_onyphe()
|
||||||
|
results = onyphe_client.get_results()
|
||||||
|
|
||||||
|
return {'results': results}
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
|
||||||
|
|