Merge branch 'master' into doc_osqueryexport

Alexandre Dulaunoy 4 years ago committed by GitHub
commit b549cad8c0
No known key found for this signature in database

@ -116,6 +116,8 @@ Create your module in [misp_modules/modules/expansion/](misp_modules/modules/exp
Don't forget to return an error key and value if an error is raised to propagate it to the MISP user-interface.
Your module's script name should also be added in the `__all__` list of `<module type folder>/` in order for it to be loaded.
# Checking for required value
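Review bot: The sentence about the `__all__` list points at `<module type folder>/`, which is a directory, so a reader cannot tell which file to edit. Name the file explicitly (in a Python package the `__all__` list lives in `__init__.py`), and give one concrete folder as an example, such as the `expansion/` folder linked in the paragraph above.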
@ -207,6 +209,19 @@ def handler(q=False):
codecs.encode(src, "rot-13")}
#### export module
For an export module, the `request["data"]` object corresponds to a list of events (dictionaries) to handle.
Iterating over events attributes is performed using their `Attribute` key.
for event in request["data"]:
for attribute in event["Attribute"]:
# do stuff w/ attribute['type'], attribute['value'], ...
### Returning Binary Data
If you want to return a file or other data you need to add a data attribute.
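Review bot: The export module paragraph tells authors to read `attribute['type']` and `attribute['value']` but never says that these values come from event data the module does not control, so they must be escaped or validated for whatever output format the module produces. One sentence to that effect belongs next to the loop, all the more because the query-building handlers touched later in this commit format `value` straight into a string. The loop also indexes `event["Attribute"]` directly; either state that every event in `request["data"]` carries that key or show `event.get("Attribute", [])` instead.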

@ -42,7 +42,7 @@ def handle_regkeyvalue(value):
return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value)
def handle_mutex(value):
return 'not implemented yet'
return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value
def handle_service(value):
return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value)
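Review bot: In `handle_mutex`, the new `return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value` places the attribute value inside a single-quoted SQL literal with no escaping, so a mutex name containing `'` produces a broken or altered query, and any `%` or `_` in the name is treated as a LIKE wildcard. Escape the value before formatting (double each single quote, and either escape the wildcards or use `=` if an exact match is what is wanted). Since `handle_regkeyvalue` and `handle_service` in the surrounding context use the same `% value` pattern, a single escaping helper shared by all handlers would fix them together.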