From de966eac5157557cb20df6a3a44ba3017290ff32 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Fri, 7 Jun 2019 15:22:11 +0200 Subject: [PATCH] fix: Returning tags & galaxies with results - Tags may exist with the current version of the parser - Galaxies are not yet expected from the parser, nevertheless the principle is we want to return them as well if ever we have some galaxies from parsing a JoeSandbox report. Can be removed if we never galaxies at all --- misp_modules/lib/joe_parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/lib/joe_parser.py b/misp_modules/lib/joe_parser.py index 7ee8a4b..83f1fa0 100644 --- a/misp_modules/lib/joe_parser.py +++ b/misp_modules/lib/joe_parser.py @@ -317,7 +317,7 @@ class JoeParser(): if self.references: self.build_references() event = json.loads(self.misp_event.to_json())['Event'] - self.results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} + self.results = {key: event[key] for key in ('Attribute', 'Object', 'Tag', 'Galaxy') if (key in event and event[key])} @staticmethod def parse_timestamp(timestamp):