# -*- coding: utf-8 -*- |
|
import base64 |
|
import json |
|
from joe_parser import JoeParser |
|
|
|
# Generic error response returned to MISP when the import cannot proceed.
misperrors = {'error': 'Error'}

# Optional settings presented to the user in the MISP import dialog, keyed by
# their display label. Both are Boolean toggles read by handler().
userConfig = {
    label: {"type": "Boolean", "message": message}
    for label, message in (
        ("Import PE", "Import PE Information"),
        ("Mitre Att&ck", "Import Mitre Att&ck techniques"),
    )
}

# The module consumes an uploaded file (the Joe Sandbox JSON report).
inputSource = ['file']

# Module metadata returned by version(); 'config' is filled in there.
moduleinfo = {
    'version': '0.2',
    'author': 'Christian Studer',
    'description': 'Import for Joe Sandbox JSON reports',
    'module-type': ['import'],
}

# No server-side (admin) configuration keys are required by this module.
moduleconfig = []
|
|
|
|
|
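def _config_flag(request, key):
    """Return the Boolean user setting *key* from the request's ``config``.

    The value is coerced with ``int`` first so that both ints and numeric
    strings (e.g. "1") are accepted, exactly as the original parsing did.

    Raises:
        KeyError: when ``config`` or the setting is absent.
        TypeError, ValueError: when the value is not numeric.
    """
    return bool(int(request["config"][key]))


def handler(q=False):
    """Import a Joe Sandbox JSON report into MISP standard format.

    Args:
        q: The JSON-encoded request from MISP, or ``False`` when the module
           is probed without a payload. Expected keys are ``config`` (the
           values of the settings declared in ``userConfig``) and ``data``
           (the base64-encoded report file).

    Returns:
        ``False`` when no request was given; ``json.dumps({'success': 0})``
        when the decoded report is empty; a ``{'error': ...}`` dict when the
        request, its configuration or the report is malformed; otherwise
        ``{'results': ...}`` holding the parser's results.
    """
    if q is False:
        return False

    try:
        request = json.loads(q)
    except (TypeError, ValueError) as err:
        return {'error': 'Invalid request: {}'.format(err)}
    if not isinstance(request, dict):
        return {'error': 'Invalid request: expected a JSON object'}

    # Both toggles are mandatory for the parser configuration; report a
    # missing or non-numeric value instead of raising out of the module.
    try:
        config = {
            "import_pe": _config_flag(request, "Import PE"),
            "mitre_attack": _config_flag(request, "Mitre Att&ck"),
        }
    except (KeyError, TypeError, ValueError) as err:
        return {'error': 'Invalid module configuration: {}'.format(err)}

    # The report is an uploaded file, so base64 and UTF-8 decoding may fail
    # on arbitrary content (binascii.Error and UnicodeDecodeError are both
    # ValueError subclasses). A missing 'data' key is treated like an empty
    # report rather than a TypeError from b64decode(None).
    try:
        data = base64.b64decode(request.get('data') or '').decode('utf-8')
    except (TypeError, ValueError) as err:
        return {'error': 'Invalid report data: {}'.format(err)}
    if not data:
        return json.dumps({'success': 0})

    # Validate the report shape before handing it to the parser.
    try:
        analysis = json.loads(data)['analysis']
    except (KeyError, TypeError, ValueError) as err:
        return {'error': 'Not a Joe Sandbox JSON report: {}'.format(err)}

    joe_parser = JoeParser(config)
    joe_parser.parse_data(analysis)
    joe_parser.finalize_results()
    return {'results': joe_parser.results}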
|
|
|
|
|
def introspection():
    """Describe the module to MISP: optional user settings, input source, format.

    ``userConfig`` and ``inputSource`` are optional for MISP import modules,
    so they are advertised only when this module defines them at module
    level; ``format`` is always ``'misp_standard'``.
    """
    modulesetup = {}
    module_globals = globals()
    for optional_key in ('userConfig', 'inputSource'):
        if optional_key in module_globals:
            modulesetup[optional_key] = module_globals[optional_key]
    modulesetup['format'] = 'misp_standard'
    return modulesetup
|
|
|
|
|
def version():
    """Return the module metadata with its ``config`` entry set to moduleconfig.

    Note that this mutates the module-level ``moduleinfo`` dict in place and
    returns that same object.
    """
    moduleinfo.update(config=moduleconfig)
    return moduleinfo