diff --git a/misp_modules/modules/import_mod/openiocimport.py b/misp_modules/modules/import_mod/openiocimport.py index 9dcec3c..bf7a428 100755 --- a/misp_modules/modules/import_mod/openiocimport.py +++ b/misp_modules/modules/import_mod/openiocimport.py @@ -5,17 +5,22 @@ from pymisp.tools import openioc misperrors = {'error': 'Error'} userConfig = { - 'not save ioc': { - 'type': 'Boolean', - 'message': 'If you check this box, IOC file will not save as an attachment in MISP' - } - } + 'not save ioc': { + 'type': 'Boolean', + 'message': 'If you check this box, IOC file will not save as an attachment in MISP' + }, + 'default tag': { + 'type': 'String', + 'message': 'Add tags spaced by a comma (tlp:white,misp:threat-level="no-risk")', + 'validation' : '0' + } + } inputSource = ['file'] moduleinfo = {'version': '0.1', 'author': 'Raphaƫl Vinot', - 'description': 'Import OpenIOC package', - 'module-type': ['import']} + 'description': 'Import OpenIOC package', + 'module-type': ['import']} moduleconfig = [] @@ -42,24 +47,32 @@ def handler(q=False): if q.get('config'): if q['config'].get('not save ioc') == "0": - - # add origin file as attachment - if q.get("filename"): - r["results"].append({ + addFile = { "values": [q.get('filename')], "types": ['attachment'], "categories": ['Support Tool'], "data" : q.get('data'), - }) + } + # add tag + if q['config'].get('default tag') is not None: + addFile["tags"] = q['config']['default tag'].split(",") + # add file as attachment + r["results"].append(addFile) + # return all attributes for attrib in pkg.attributes: - r["results"].append({ + toAppend = { "values": [attrib.value], "types": [attrib.type], "categories": [attrib.category], - "comment":attrib.comment}) + "comment":attrib.comment + } + # add tag + if q['config'].get('default tag') is not None: + toAppend["tags"] = q['config']['default tag'].split(",") + r["results"].append(toAppend) return r