MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Update yeti.py 

add ns_record object
pull/488/head
Sebdraven 2021-04-20 13:53:06 +02:00
parent cec06ed26d
commit baaaa81ec3
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
misp_modules/modules/expansion/yeti.py
View File

@ -23,7 +23,7 @@ moduleconfig = ['apikey', 'url']
class Yeti(): class Yeti():
def __init__(self, url, key,attribute): def __init__(self, url, key, attribute):
self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url', self.misp_mapping = {'Ip': 'ip-dst', 'Domain': 'domain', 'Hostname': 'hostname', 'Url': 'url',
'AutonomousSystem': 'AS', 'File': 'sha256'} 'AutonomousSystem': 'AS', 'File': 'sha256'}
self.yeti_client = pyeti.YetiApi(url=url, api_key=key) self.yeti_client = pyeti.YetiApi(url=url, api_key=key)
@ -85,7 +85,10 @@ class Yeti():
if object_misp_url: if object_misp_url:
self.misp_event.add_object(object_misp_url) self.misp_event.add_object(object_misp_url)
continue continue
if link == 'NS record':
object_ns_record = self.__get_object_ns_record(obs_to_add)
self.misp_event.add_object(object_ns_record)
continue
self.__get_attribute(obs_to_add, link) self.__get_attribute(obs_to_add, link)
def get_result(self): def get_result(self):
@ -139,6 +142,15 @@ class Yeti():
return url_object return url_object
def __get_object_ns_record(self, obj_to_add):
object_dns_record = MISPObject('dns-record')
object_dns_record.add_attribute(self.attribute['value'], 'queried_domain')
object_dns_record.add_attribute(obj_to_add['value', 'ns-record'])
object_dns_record.add_reference(self.attribute['uuid'], 'related_to')
return object_dns_record
def __get_relation(self, obj, is_yeti_object=True): def __get_relation(self, obj, is_yeti_object=True):
if is_yeti_object: if is_yeti_object:
type_attribute = self.misp_mapping[obj['type']] type_attribute = self.misp_mapping[obj['type']]