MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
Modules for expansion services, import and export in MISP http://misp.github.io/misp-modules
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1403 Commits
24 Branches
23 Tags
11 MiB
 
 
 
 
Tree: 04685ea63e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '04685ea63e'
${ noResults }
misp-modules/misp_modules/modules/import_mod/joe_import.py

64 lines
1.5 KiB
Raw Blame History

# -*- coding: utf-8 -*-
import base64
import json
from joe_parser import JoeParser
misperrors = {'error': 'Error'}
userConfig = {
"Import PE": {
"type": "Boolean",
"message": "Import PE Information",
},
"Mitre Att&ck" : {
"type": "Boolean",
"message": "Import Mitre Att&ck techniques",
},
}
inputSource = ['file']
moduleinfo = {'version': '0.2', 'author': 'Christian Studer',
'description': 'Import for Joe Sandbox JSON reports',
'module-type': ['import']}
moduleconfig = []
def handler(q=False):
if q is False:
return False
q = json.loads(q)
config = {
"import_pe": bool(int(q["config"]["Import PE"])),
"mitre_attack": bool(int(q["config"]["Mitre Att&ck"])),
}
data = base64.b64decode(q.get('data')).decode('utf-8')
if not data:
return json.dumps({'success': 0})
joe_parser = JoeParser(config)
joe_parser.parse_data(json.loads(data)['analysis'])
joe_parser.finalize_results()
return {'results': joe_parser.results}
def introspection():
modulesetup = {}
try:
userConfig
modulesetup['userConfig'] = userConfig
except NameError:
pass
try:
inputSource
modulesetup['inputSource'] = inputSource
except NameError:
pass
modulesetup['format'] = 'misp_standard'
return modulesetup
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo