add summary ip

object domain
pull/498/head
Sebdraven 2021-04-23 16:02:21 +02:00
parent 9364859ce9
commit 94f6af8882
1 changed files with 43 additions and 4 deletions


@ -2,7 +2,7 @@
import json import json
from pymisp import MISPEvent from pymisp import MISPEvent, MISPObject
try: try:
from onyphe import Onyphe from onyphe import Onyphe
@ -31,14 +31,46 @@ class OnypheClient:
self.misp_event = MISPEvent() self.misp_event = MISPEvent()
self.misp_event.add_attribute(**attribute) self.misp_event.add_attribute(**attribute)
def parser_results(self):
pass
def get_results(self): def get_results(self):
event = json.loads(self.misp_event.to_json()) event = json.loads(self.misp_event.to_json())
results = {key: event[key] for key in ('Attribute', 'Object') if key in event} results = {key: event[key] for key in ('Attribute', 'Object') if key in event}
return results return results
def get_query_onyphe(self):
if self.attribute['type'] == 'ip-src' and self.attribute['type'] =='ip-dst':
self.__summary_ip()
def __summary_ip(self):
results = self.onyphe_client.summary_ip(self.attribute['value'])
if 'results' in results:
for r in results['results']:
domain = r['domain']
if type(domain) == list:
for d in domain:
self.__get_object_domain_ip(d, 'domain')
elif type(domain) == str:
self.__get_object_domain_ip(domain, 'domain')
def __get_object_domain_ip(self, obs, relation):
objet_domain_ip = MISPObject('domain-ip')
objet_domain_ip.add_attribute(relation, obs)
relation_attr = self.__get_relation_attribute()
if relation_attr:
objet_domain_ip.add_attribute(relation, self.attribute['value'])
objet_domain_ip.add_reference(self.attribute['uuid'], 'related-to')
self.misp_event.add_object(objet_domain_ip)
def __get_relation_attribute(self):
if self.attribute['type'] == 'ip-src':
return 'ip'
elif self.attribute['type'] == 'ip-dest':
return 'ip'
elif self.attribute['type'] == 'domain':
return 'domain'
elif self.attribute['type'] == 'hostname':
return 'domain'
def handler(q=False): def handler(q=False):
if q: if q:
@ -50,6 +82,13 @@ def handler(q=False):
misperrors['error'] = 'Onyphe authentication is missing' misperrors['error'] = 'Onyphe authentication is missing'
return misperrors return misperrors
api_key = request['config'].get('apikey')
onyphe_client = OnypheClient(api_key, attribute)
onyphe_client.get_query_onyphe()
results = onyphe_client.get_results()
return {'results': results}
def introspection(): def introspection():
return mispattributes return mispattributes
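Review bot: The type check in `get_query_onyphe` can never be true, because a single attribute type cannot equal both 'ip-src' and 'ip-dst', so `__summary_ip` is never called and the module hands back only the input attribute; it should read `if self.attribute['type'] in ('ip-src', 'ip-dst'):`. `__get_relation_attribute` then tests `'ip-dest'`, which does not match the `'ip-dst'` spelling used in that check, so an ip-dst attribute would get neither the IP attribute nor the `related-to` reference; that branch should be `elif self.attribute['type'] == 'ip-dst':`. In `__get_object_domain_ip` the queried value is added under `relation` rather than the computed `relation_attr`, which would store the IP under the `domain` relation and mislabel the indicator for anyone correlating on the object; `objet_domain_ip.add_attribute(relation_attr, self.attribute['value'])` looks like the intent. `__summary_ip` also reads `r['domain']` without a presence check, so a result entry lacking that key would raise KeyError and abort the whole enrichment instead of skipping that entry. The `OnypheClient` class header and constructor start outside the hunk, so how `self.attribute` and `self.onyphe_client` are populated cannot be confirmed from here.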