mirror of https://github.com/MISP/misp-modules
add expansion synscan
parent
5426ec5380
commit
e1bc67afad
|
@ -62,12 +62,12 @@ def handle_ip(api, ip, misperrors):
|
||||||
|
|
||||||
r, status_ok = expand_syscan(api, ip, misperrors)
|
r, status_ok = expand_syscan(api, ip, misperrors)
|
||||||
|
|
||||||
# if status_ok:
|
if status_ok:
|
||||||
# result_filtered['results'].append(r)
|
result_filtered['results'].append(r)
|
||||||
# else:
|
else:
|
||||||
# misperrors['error'] = "Error syscan result"
|
misperrors['error'] = "Error syscan result"
|
||||||
|
|
||||||
r,status_ok = expand_pastries(api,misperrors,ip=ip)
|
r, status_ok = expand_pastries(api,misperrors,ip=ip)
|
||||||
|
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].extend(r)
|
result_filtered['results'].extend(r)
|
||||||
|
@ -101,7 +101,37 @@ def handle_ip(api, ip, misperrors):
|
||||||
|
|
||||||
def expand_syscan(api, ip, misperror):
|
def expand_syscan(api, ip, misperror):
|
||||||
status_ok = False
|
status_ok = False
|
||||||
r = None
|
r = []
|
||||||
|
asn_list = []
|
||||||
|
os_list = []
|
||||||
|
geoloc = []
|
||||||
|
orgs = []
|
||||||
|
results = api.synscan(ip)
|
||||||
|
|
||||||
|
if results['status'] == 'ok':
|
||||||
|
status_ok = True
|
||||||
|
for elem in results['result']:
|
||||||
|
asn_list.append(elem['asn'])
|
||||||
|
os_list = elem['os']
|
||||||
|
geoloc.append(elem['location'])
|
||||||
|
orgs.append(elem['organization'])
|
||||||
|
if os_list != 'Unknown':
|
||||||
|
os_list.append(elem['os'])
|
||||||
|
|
||||||
|
r.append({'types': ['target-machine'],
|
||||||
|
'values': list(set(os_list)),
|
||||||
|
'categories': ['Targeting data']})
|
||||||
|
|
||||||
|
r.append({'types': ['target-location'],
|
||||||
|
'values': list(set(geoloc)),
|
||||||
|
'categories': ['Targeting data']})
|
||||||
|
|
||||||
|
r.append({'types': ['target-org'],
|
||||||
|
'values': list(set(orgs)),
|
||||||
|
'categories': ['Targeting data']})
|
||||||
|
|
||||||
|
r.append({'types': ['AS'], 'values': list(set(asn_list)),
|
||||||
|
'categories': ['Network activity']})
|
||||||
|
|
||||||
return r, status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
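Review bot: In the new `expand_syscan` loop, `os_list = elem['os']` rebinds the list initialised above to a string, so the following `os_list.append(elem['os'])` raises AttributeError for any element whose OS is not 'Unknown'; when it is 'Unknown', the later `list(set(os_list))` emits the individual characters of that string as `target-machine` values. Keep the accumulator separate from the per-element value: `os_name = elem['os']` followed by `if os_name != 'Unknown': os_list.append(os_name)`. The first hunk un-comments the code in `handle_ip` that consumes this result, so the failure would surface on real lookups. The response fields (`results['status']`, `elem['asn']`, `elem['location']`, `elem['organization']`) are also indexed directly although they come from an external service; catching KeyError and setting `misperror['error']` would keep a malformed or partial response from aborting the whole expansion.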