mirror of https://github.com/MISP/misp-modules
parent
0618e288d3
commit
c9bc97c9f9
|
@ -69,7 +69,7 @@ class Yeti():
|
||||||
obs = self.search(self.attribute['value'])
|
obs = self.search(self.attribute['value'])
|
||||||
values = []
|
values = []
|
||||||
types = []
|
types = []
|
||||||
|
self.misp_event.add_attribute(**self.attribute)
|
||||||
for obs_to_add in self.get_neighboors(obs['id']):
|
for obs_to_add in self.get_neighboors(obs['id']):
|
||||||
object_misp = self.get_object(obs_to_add)
|
object_misp = self.get_object(obs_to_add)
|
||||||
self.misp_event.add_object(object_misp)
|
self.misp_event.add_object(object_misp)
|
||||||
|
@ -79,7 +79,7 @@ class Yeti():
|
||||||
results = {key: event[key] for key in ('Attribute', 'Object')}
|
results = {key: event[key] for key in ('Attribute', 'Object')}
|
||||||
return results
|
return results
|
||||||
|
|
||||||
def get_object(self,obj_to_add):
|
def get_object(self, obj_to_add):
|
||||||
if (obj_to_add['type'] == 'Ip' and self.attribute in ['hostname','domain']) or\
|
if (obj_to_add['type'] == 'Ip' and self.attribute in ['hostname','domain']) or\
|
||||||
(obj_to_add['type'] in ('Hostname', 'Domain') and self.attribute['type'] in ('ip-src', 'ip-dst')):
|
(obj_to_add['type'] in ('Hostname', 'Domain') and self.attribute['type'] in ('ip-src', 'ip-dst')):
|
||||||
domain_ip_object = MISPObject('domain-ip')
|
domain_ip_object = MISPObject('domain-ip')
|
||||||
|
@ -90,8 +90,13 @@ class Yeti():
|
||||||
|
|
||||||
def __get_attribute(self, obj_yeti):
|
def __get_attribute(self, obj_yeti):
|
||||||
typ_attribute = self.misp_mapping[obj_yeti['type']]
|
typ_attribute = self.misp_mapping[obj_yeti['type']]
|
||||||
attr_misp = {'type':typ_attribute, 'value': obj_yeti['value'],
|
attr_misp = {'type':typ_attribute, 'value': obj_yeti['value']}
|
||||||
'object_relation': 'pdns'}
|
if typ_attribute == 'ip-src' or typ_attribute =='ip-dst':
|
||||||
|
attr_misp['object_relation'] = 'ip'
|
||||||
|
elif 'domain' == typ_attribute:
|
||||||
|
attr_misp['object_relation'] = 'domain'
|
||||||
|
else:
|
||||||
|
attr_misp['object_relation'] = None
|
||||||
return attr_misp
|
return attr_misp
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
|
|
Loading…
Reference in New Issue