From 79f48eccfe675336e8f99fad81898d9fd735cd1d Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Tue, 2 May 2017 14:41:22 +0200 Subject: [PATCH 1/3] If filename add iocfilename as attachment --- .../modules/import_mod/openiocimport.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/import_mod/openiocimport.py b/misp_modules/modules/import_mod/openiocimport.py index 27ef3f9..50bc8ba 100755 --- a/misp_modules/modules/import_mod/openiocimport.py +++ b/misp_modules/modules/import_mod/openiocimport.py @@ -33,8 +33,24 @@ def handler(q=False): return json.dumps({"success": 0}) pkg = openioc.load_openioc(package) + + # add origin file as attachment + if q.get("filename"): + r["results"].append({ + "values": [q.get('filename')], + "types": ['attachment'], + "categories": ['Support Tool'], + "data" : q.get('data'), + }) + + # return all attributes for attrib in pkg.attributes: - r["results"].append({"values": [attrib.value], "types": [attrib.type], "categories": [attrib.category]}) + r["results"].append({ + "values": [attrib.value], + "types": [attrib.type], + "categories": [attrib.category], + "comment":attrib.comment}) + return r From 4ef7261168e8368fe3cf7d47d994767cccbcf7ce Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Tue, 2 May 2017 15:04:40 +0200 Subject: [PATCH 2/3] Add user config to not add file as attachement in a box --- .../modules/import_mod/openiocimport.py | 27 ++++++++++++------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/misp_modules/modules/import_mod/openiocimport.py b/misp_modules/modules/import_mod/openiocimport.py index 50bc8ba..420940c 100755 --- a/misp_modules/modules/import_mod/openiocimport.py +++ b/misp_modules/modules/import_mod/openiocimport.py @@ -4,8 +4,12 @@ import base64 from pymisp.tools import openioc misperrors = {'error': 'Error'} -userConfig = {} -inputSource = ['file'] +userConfig = { + 'not save ioc': { + 'type': 'Boolean', + 'message': 'If you check this box, IOC file will not save as an attachment in MISP' + } + }inputSource = ['file'] moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot', 'description': 'Import OpenIOC package', @@ -34,14 +38,17 @@ def handler(q=False): pkg = openioc.load_openioc(package) - # add origin file as attachment - if q.get("filename"): - r["results"].append({ - "values": [q.get('filename')], - "types": ['attachment'], - "categories": ['Support Tool'], - "data" : q.get('data'), - }) + if q.get('config'): + if q['config'].get('not save ioc') == "0": + + # add origin file as attachment + if q.get("filename"): + r["results"].append({ + "values": [q.get('filename')], + "types": ['attachment'], + "categories": ['Support Tool'], + "data" : q.get('data'), + }) # return all attributes for attrib in pkg.attributes: From 96f9cb4699b1f6a9d579f61ff6475fd3c2197ea7 Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Tue, 2 May 2017 15:07:33 +0200 Subject: [PATCH 3/3] typo correction --- misp_modules/modules/import_mod/openiocimport.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/import_mod/openiocimport.py b/misp_modules/modules/import_mod/openiocimport.py index 420940c..9dcec3c 100755 --- a/misp_modules/modules/import_mod/openiocimport.py +++ b/misp_modules/modules/import_mod/openiocimport.py @@ -9,7 +9,9 @@ userConfig = { 'type': 'Boolean', 'message': 'If you check this box, IOC file will not save as an attachment in MISP' } - }inputSource = ['file'] + } + +inputSource = ['file'] moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot', 'description': 'Import OpenIOC package',