mirror of https://github.com/MISP/misp-modules
added comments
parent
91417d390b
commit
a3c01fa318
|
@ -36,6 +36,7 @@ class TruSTARParser:
|
||||||
'SHA256': "sha256"
|
'SHA256': "sha256"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Relevant fields from each TruSTAR endpoint
|
||||||
SUMMARY_FIELDS = ["severityLevel", "source", "score", "attributes"]
|
SUMMARY_FIELDS = ["severityLevel", "source", "score", "attributes"]
|
||||||
METADATA_FIELDS = ["sightings", "first_seen", "last_seen", "tags"]
|
METADATA_FIELDS = ["sightings", "first_seen", "last_seen", "tags"]
|
||||||
|
|
||||||
|
@ -140,13 +141,16 @@ class TruSTARParser:
|
||||||
tags = self.extract_tags(enrichment_report)
|
tags = self.extract_tags(enrichment_report)
|
||||||
|
|
||||||
if enrichment_report:
|
if enrichment_report:
|
||||||
|
# Create MISP trustar_report object and populate it with enrichment data
|
||||||
trustar_obj = MISPObject('trustar_report')
|
trustar_obj = MISPObject('trustar_report')
|
||||||
trustar_obj.add_attribute(indicator_type, attribute_type=self.ENTITY_TYPE_MAPPINGS[indicator_type],
|
trustar_obj.add_attribute(indicator_type, attribute_type=self.ENTITY_TYPE_MAPPINGS[indicator_type],
|
||||||
value=indicator)
|
value=indicator)
|
||||||
trustar_obj.add_attribute("INDICATOR_SUMMARY", attribute_type="text",
|
trustar_obj.add_attribute("INDICATOR_SUMMARY", attribute_type="text",
|
||||||
value=json.dumps(enrichment_report, indent=4))
|
value=json.dumps(enrichment_report, indent=4))
|
||||||
|
|
||||||
report_link = self.generate_trustar_link(indicator_type, indicator)
|
report_link = self.generate_trustar_link(indicator_type, indicator)
|
||||||
trustar_obj.add_attribute("REPORT_LINK", attribute_type="link", value=report_link)
|
trustar_obj.add_attribute("REPORT_LINK", attribute_type="link", value=report_link)
|
||||||
|
|
||||||
self.misp_event.add_object(**trustar_obj)
|
self.misp_event.add_object(**trustar_obj)
|
||||||
elif not tags:
|
elif not tags:
|
||||||
# If enrichment report is empty and there are no tags, nothing to add to attribute
|
# If enrichment report is empty and there are no tags, nothing to add to attribute
|
||||||
|
|
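Review bot: In the `if enrichment_report:` branch, `self.ENTITY_TYPE_MAPPINGS[indicator_type]` is a bare dictionary lookup, so an indicator type that is absent from the mapping raises `KeyError` before the object is added to the event. The hunk does not show whether callers already guarantee the key; if they do not, a guard ahead of `MISPObject('trustar_report')` such as `if indicator_type not in self.ENTITY_TYPE_MAPPINGS:` with an explicit skip or logged error would keep one unexpected type from aborting the enrichment. The new comment could also record what `INDICATOR_SUMMARY` holds, since `enrichment_report` (presumably built from the TruSTAR response) is serialised whole with `json.dumps`, e.g. `# enrichment_report is third-party data; stored verbatim as a JSON text blob`. The enclosing method starts before this hunk and the `elif not tags:` body continues past it.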