Merge branch 'master' into doc_osqueryexport

pull/241/head
Alexandre Dulaunoy 2018-10-26 08:10:10 +02:00 committed by GitHub
commit b549cad8c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions

View File

@ -116,6 +116,8 @@ Create your module in [misp_modules/modules/expansion/](misp_modules/modules/exp
Don't forget to return an error key and value if an error is raised to propagate it to the MISP user-interface.
Your module's script name should also be added in the `__all__` list of `<module type folder>/__init__.py` in order for it to be loaded.
~~~python
...
# Checking for required value
@ -207,6 +209,19 @@ def handler(q=False):
codecs.encode(src, "rot-13")}
~~~
#### export module
For an export module, the `request["data"]` object corresponds to a list of events (dictionaries) to handle.
Iterating over events attributes is performed using their `Attribute` key.
~~~python
...
for event in request["data"]:
for attribute in event["Attribute"]:
# do stuff w/ attribute['type'], attribute['value'], ...
...
### Returning Binary Data
If you want to return a file or other data you need to add a data attribute.

View File

@ -42,7 +42,7 @@ def handle_regkeyvalue(value):
return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value)
def handle_mutex(value):
return 'not implemented yet'
return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value
def handle_service(value):
return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value)