mirror of https://github.com/MISP/misp-modules
Default distribution setting to DNSDB Objects
parent
7aa6b39da8
commit
f6c0f68263
|
@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries']
|
||||||
|
|
||||||
DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
|
DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info'
|
||||||
DEFAULT_LIMIT = 10
|
DEFAULT_LIMIT = 10
|
||||||
org_distribution = '0'
|
DEFAULT_DISTRIBUTION_SETTING = '0'
|
||||||
TYPE_TO_FEATURE = {
|
TYPE_TO_FEATURE = {
|
||||||
"btc": "Bitcoin address",
|
"btc": "Bitcoin address",
|
||||||
"dkim": "domainkeys identified mail",
|
"dkim": "domainkeys identified mail",
|
||||||
|
@ -103,7 +103,7 @@ class FarsightDnsdbParser():
|
||||||
comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value'])
|
comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value'])
|
||||||
for result in results:
|
for result in results:
|
||||||
passivedns_object = MISPObject('passive-dns')
|
passivedns_object = MISPObject('passive-dns')
|
||||||
passivedns_object.distribution = org_distribution
|
passivedns_object.distribution = DEFAULT_DISTRIBUTION_SETTING
|
||||||
if result.get('rdata') and isinstance(result['rdata'], list):
|
if result.get('rdata') and isinstance(result['rdata'], list):
|
||||||
for rdata in result.pop('rdata'):
|
for rdata in result.pop('rdata'):
|
||||||
passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata))
|
passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata))
|
||||||
|
@ -122,7 +122,7 @@ class FarsightDnsdbParser():
|
||||||
return {'results': results}
|
return {'results': results}
|
||||||
|
|
||||||
def _parse_attribute(self, comment, feature, value):
|
def _parse_attribute(self, comment, feature, value):
|
||||||
attribute = {'value': value, 'comment': comment, 'distribution': org_distribution}
|
attribute = {'value': value, 'comment': comment, 'distribution': DEFAULT_DISTRIBUTION_SETTING}
|
||||||
attribute.update(self.passivedns_mapping[feature])
|
attribute.update(self.passivedns_mapping[feature])
|
||||||
return attribute
|
return attribute
|
||||||
|
|
||||||
|
|
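Review bot: `DEFAULT_DISTRIBUTION_SETTING = '0'` in the first hunk is still an unexplained magic value, although it decides how widely every passive-dns object and attribute built in the other two hunks is shared. In MISP, distribution 0 means "Your organisation only", so a comment on the constant such as `# MISP distribution 0 = "Your organisation only": DNSDB results stay inside the querying org unless an analyst widens them` would make the intent explicit for whoever edits it next. The `DEFAULT_` prefix also suggests an override, yet `moduleconfig` in the visible lines lists only `apikey`, `server`, `limit` and `flex_queries`, so as far as these hunks show the value is fixed; if that is intended, the same comment should say so. The bodies of `FarsightDnsdbParser` and `_parse_attribute` continue outside the hunks.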