MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Stiximport will now consume campaigns

pull/41/head
Hannah Ward 2016-08-12 11:34:43 +01:00
parent 598a030962
commit faddf8378e
No known key found for this signature in database
GPG Key ID: BA89E572EE1B4C5F
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
misp_modules/modules/expansion/stiximport.py
View File

@ -50,11 +50,43 @@ def handler(q=False):
if package.indicators:
for ind in package.indicators:
r["results"].append(buildIndicator(ind))
if package.exploit_targets:
for et in package.exploit_targets:
r["results"].append(buildExploitTarget(et))
if package.campaigns:
for cpn in package.campaigns:
r["results"].append(buildCampaign(cpn))
#Clean up results
#Don't send on anything that didn't have a value
r["results"] = [x for x in r["results"] if len(x["values"]) != 0]
return r
#Quick and dirty regex for IP addresses
ipre = re.compile("([0-9]{1,3}.){3}[0-9]{1,3}")
def buildCampaign(cpn):
"""
Extract a campaign name
"""
return {"values":[cpn.title], "types":["campaign-name"]}
def buildExploitTarget(et):
"""
Extract CVEs from exploit targets
"""
r = {"values":[], "types":["vulnerability"]}
if et.vulnerabilities:
for v in et.vulnerabilities:
if v.cve_id:
r["values"].append(v.cve_id)
return r
def identifyHash(hsh):
"""
What's that hash!?