MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Making ipasn module return asn object(s)

Browse Source 
- Latest changes on the returned value as string
  broke the freetext parser, because no asn number
  could be parsed when we return the full json
  blob as a freetext attribute
- Now returning asn object(s) with a reference to
  the initial attribute
pull/363/head
chrisr3d 3 years ago
parent 35c438e6ee
commit b3bc533bc3
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 24 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      misp_modules/modules/expansion/ipasn.py

30
misp_modules/modules/expansion/ipasn.py
Unescape View File

@ -2,22 +2,40 @@
import json
from pyipasnhistory import IPASNHistory
from pymisp import MISPAttribute, MISPEvent, MISPObject
misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
mispattributes = {'input': ['ip-src', 'ip-dst'], 'format': 'misp_standard'}
moduleinfo = {'version': '0.1', 'author': 'Raphaël Vinot',
'description': 'Query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git)',
'module-type': ['expansion', 'hover']}
def parse_result(attribute, values):
event = MISPEvent()
initial_attribute = MISPAttribute()
initial_attribute.from_dict(**attribute)
event.add_attribute(**initial_attribute)
mapping = {'asn': ('AS', 'asn'), 'prefix': ('ip-src', 'subnet-announced')}
print(values)
for last_seen, response in values['response'].items():
asn = MISPObject('asn')
asn.add_attribute('last-seen', **{'type': 'datetime', 'value': last_seen})
for feature, attribute_fields in mapping.items():
attribute_type, object_relation = attribute_fields
asn.add_attribute(object_relation, **{'type': attribute_type, 'value': response[feature]})
asn.add_reference(initial_attribute.uuid, 'related-to')
event.add_object(**asn)
event = json.loads(event.to_json())
return {key: event[key] for key in ('Attribute', 'Object')}
def handler(q=False):
if q is False:
return False
request = json.loads(q)
if request.get('ip-src'):
toquery = request['ip-src']
elif request.get('ip-dst'):
toquery = request['ip-dst']
if request.get('attribute') and request['attribute'].get('type') in mispattributes['input']:
toquery = request['attribute']['value']
else:
misperrors['error'] = "Unsupported attributes type"
return misperrors
@ -28,7 +46,7 @@ def handler(q=False):
if not values:
misperrors['error'] = 'Unable to find the history of this IP'
return misperrors
return {'results': [{'types': mispattributes['output'], 'values': [str(values)]}]}
return {'results': parse_result(request['attribute'], values)}
def introspection():

Write Preview
Loading…
Cancel
Save