From d7b529d3fe9c9cc32f624e4167fd733e1ff8a375 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Tue, 30 Mar 2021 03:42:54 +0200 Subject: [PATCH 1/2] fix: [farsight_passivedns] Fixed lookup_rdata_name results desclaration - Getting generator as a list as it is already the case for all the other results, so it avoids issues to read the results by accidently looping through the generator before it is actually needed, which would lose the content of the generator - Also removed print that was accidently introduced with the last commit --- misp_modules/modules/expansion/farsight_passivedns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index c398245..ba6a25a 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py @@ -193,7 +193,7 @@ def lookup_name(client, lookup_args, name, flex): if rrset_response: response['rrset'] = rrset_response # RDATA = entries on the right-hand side of the domain name related labels - rdata_response = client.lookup_rdata_name(name, **lookup_args) + rdata_response = list(client.lookup_rdata_name(name, **lookup_args)) if rdata_response: response['rdata'] = rdata_response if flex: From a6a8978b203d2795600de69ffe3eac187385ad7d Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Tue, 30 Mar 2021 03:47:34 +0200 Subject: [PATCH 2/2] chg: [farsight_passivedns] Making first_time and last_time results human readable - We get the datetime format instead of the raw timestamp --- misp_modules/modules/expansion/farsight_passivedns.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index ba6a25a..f39e537 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py @@ -154,7 +154,8 @@ def parse_input(attribute, config): lookup_args = { 'limit': config['limit'] if config.get('limit') else DEFAULT_LIMIT, 'offset': 0, - 'ignore_limited': True + 'ignore_limited': True, + 'humantime': True } attribute_type = attribute['type'] if attribute_type in flex_query_input: