add threat list expansion
parent
1d1fd36569
commit
e230c88c15
@ -82,7 +82,7 @@ def handle_ip(api, ip, misperrors):
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].extend(r)
|
result_filtered['results'].extend(r)
|
||||||
else:
|
else:
|
||||||
misperrors['error'] = 'Error datascan result %s' % status_ok
|
misperrors['error'] = 'Error datascan result '
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
||||||
r, status_ok = expand_forward(api, ip, misperrors)
|
r, status_ok = expand_forward(api, ip, misperrors)
|
||||||
|
@ -90,7 +90,7 @@ def handle_ip(api, ip, misperrors):
|
||||||
if status_ok:
|
if status_ok:
|
||||||
result_filtered['results'].extend(r)
|
result_filtered['results'].extend(r)
|
||||||
else:
|
else:
|
||||||
misperrors['error'] = 'Error forward result %s' % status_ok
|
misperrors['error'] = 'Error forward result'
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
||||||
r, status_ok = expand_reverse(api, ip, misperrors)
|
r, status_ok = expand_reverse(api, ip, misperrors)
|
||||||
|
@ -101,7 +101,14 @@ def handle_ip(api, ip, misperrors):
|
||||||
misperrors['error'] = 'Error reverse result'
|
misperrors['error'] = 'Error reverse result'
|
||||||
return misperrors
|
return misperrors
|
||||||
|
|
||||||
print(result_filtered)
|
r, status_ok = expand_threatlist(api, misperrors, ip=ip)
|
||||||
|
|
||||||
|
if status_ok:
|
||||||
|
result_filtered['results'].extend(r)
|
||||||
|
else:
|
||||||
|
misperrors['error'] = 'Error threat list'
|
||||||
|
return misperrors
|
||||||
|
|
||||||
return result_filtered
|
return result_filtered
|
||||||
|
|
||||||
|
|
||||||
|
@ -168,7 +175,6 @@ def expand_datascan(api, misperror,**kwargs):
|
||||||
|
|
||||||
results = api.datascan(query)
|
results = api.datascan(query)
|
||||||
|
|
||||||
|
|
||||||
if results['status'] == 'ok':
|
if results['status'] == 'ok':
|
||||||
status_ok = True
|
status_ok = True
|
||||||
for elem in results['results']:
|
for elem in results['results']:
|
||||||
|
@ -308,6 +314,32 @@ def expand_pastries(api, misperror, **kwargs):
|
||||||
return r, status_ok
|
return r, status_ok
|
||||||
|
|
||||||
|
|
||||||
|
def expand_threatlist(api, misperror,**kwargs):
|
||||||
|
status_ok = False
|
||||||
|
r = []
|
||||||
|
|
||||||
|
query = None
|
||||||
|
|
||||||
|
threat_list = []
|
||||||
|
|
||||||
|
if 'ip' in kwargs:
|
||||||
|
query = kwargs.get('ip')
|
||||||
|
else:
|
||||||
|
query = kwargs.get('domain')
|
||||||
|
|
||||||
|
results = api.threatlist(query)
|
||||||
|
if results['status'] == 'ok':
|
||||||
|
status_ok = True
|
||||||
|
threat_list = ['seen %s on %s ' % (item['seen_date'], item['threatlist'])
|
||||||
|
for item in results['results']]
|
||||||
|
|
||||||
|
r.append({'types': ['comment'],
|
||||||
|
'categories': ['Other'],
|
||||||
|
'values': [threat_list]
|
||||||
|
})
|
||||||
|
|
||||||
|
return r,status_ok
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
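Review bot: `'values': [threat_list]` in the new expand_threatlist wraps a list in another list, so the comment attribute carries a single nested list (`[[...]]`, or `[[]]` when the API returns no entries) instead of one value per threat-list hit; `'values': threat_list` looks like what was intended, since threat_list already holds one string per result. The lookups `item['seen_date']` and `item['threatlist']` raise KeyError if a response entry lacks either key, which the `results['status'] == 'ok'` check does not guard against, and that exception would presumably propagate out of handle_ip rather than being reported through misperror; `item.get('seen_date', '?')` and `item.get('threatlist', '?')` would keep one malformed entry from failing the whole expansion. Minor style: `def expand_threatlist(api, misperror,**kwargs)` and `return r,status_ok` are missing the spaces after the commas that `expand_pastries(api, misperror, **kwargs)` uses, and the format string `'seen %s on %s '` ends with a trailing space that shows up in every value.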