mirror of https://github.com/MISP/misp-modules
commit
f62ca53e90
|
@ -21,7 +21,7 @@ domaintools_api
|
||||||
pygeoip
|
pygeoip
|
||||||
bs4
|
bs4
|
||||||
oauth2
|
oauth2
|
||||||
yara-python
|
yara-python==3.8.0
|
||||||
sigmatools
|
sigmatools
|
||||||
stix2-patterns
|
stix2-patterns
|
||||||
maclookup
|
maclookup
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
import json
|
import json
|
||||||
import re
|
import re
|
||||||
|
try:
|
||||||
|
import yara
|
||||||
|
except (OSError, ImportError):
|
||||||
|
print("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
moduleinfo = {'version': '1', 'author': 'Christian STUDER',
|
moduleinfo = {'version': '1', 'author': 'Christian STUDER',
|
||||||
|
@ -30,7 +34,12 @@ def handler(q=False):
|
||||||
rule_start = 'import "hash" \r\nrule %s_%s {' % (attribute_type.upper(), re.sub(r'\W+', '_', uuid)) if uuid else 'import "hash"\r\nrule %s {' % attribute_type.upper()
|
rule_start = 'import "hash" \r\nrule %s_%s {' % (attribute_type.upper(), re.sub(r'\W+', '_', uuid)) if uuid else 'import "hash"\r\nrule %s {' % attribute_type.upper()
|
||||||
condition = '\tcondition:\r\n\t\t{}'.format(condition)
|
condition = '\tcondition:\r\n\t\t{}'.format(condition)
|
||||||
rule = '\r\n'.join([rule_start, condition, '}'])
|
rule = '\r\n'.join([rule_start, condition, '}'])
|
||||||
return {'results': [{'types': mispattributes['output'], 'values': [rule]}]}
|
try:
|
||||||
|
yara.compile(source=rule)
|
||||||
|
except Exception as e:
|
||||||
|
misperrors['error'] = 'Syntax error: {}'.format(e)
|
||||||
|
return misperrors
|
||||||
|
return {'results': [{'types': mispattributes['output'], 'values': rule}]}
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
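Review bot: A missing yara library gets reported as a rule syntax error: the import guard at the top of this file only prints and continues, so `yara.compile(source=rule)` in `handler` raises NameError and the broad `except Exception` returns `Syntax error: name 'yara' is not defined`. Narrow the handler to `except yara.SyntaxError as e:` and have the import guard set `yara = None`, so `handler` can return a distinct "yara is not installed" error first; the import guard in the last file section on this page (the one that imports `requests`) has the same print-and-continue shape. Assigning into the module-level `misperrors` dict also leaves the last message in place for later calls, which `return {'error': 'Syntax error: {}'.format(e)}` would avoid. The success return changes `'values': [rule]` to `'values': rule`, which looks unintended if consumers expect a list and is worth confirming. `handler` starts outside the hunk.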
|
||||||
|
|
|
@ -3,7 +3,7 @@ import requests
|
||||||
try:
|
try:
|
||||||
import yara
|
import yara
|
||||||
except (OSError, ImportError):
|
except (OSError, ImportError):
|
||||||
print("yara is missing, use 'pip3 install yara' to install it.")
|
print("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['yara'], 'output': ['text']}
|
mispattributes = {'input': ['yara'], 'output': ['text']}
|
||||||
|
|