misp-modules/misp_modules/modules/expansion/backscatter_io.py

# -*- coding: utf-8 -*-
"""Backscatter.io Module."""
import json
try:
    from backscatter import Backscatter
except ImportError:
    print("Backscatter.io library not installed.")

misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
moduleinfo = {'version': '1', 'author': 'brandon@backscatter.io',
              'description': 'Backscatter.io module to bring mass-scanning observations into MISP.',
              'module-type': ['expansion', 'hover']}
moduleconfig = ['api_key']
query_playbook = [
    {'inputs': ['ip-src', 'ip-dst'],
     'services': ['observations', 'enrichment'],
     'name': 'generic'}
]


def check_query(request):
    """Check the incoming request for a valid configuration."""
    output = {'success': False}
    config = request.get('config', None)
    if not config:
        misperrors['error'] = "Configuration is missing from the request."
        return output
    for item in moduleconfig:
        if config.get(item, None):
            continue
        misperrors['error'] = "Backscatter.io authentication is missing."
        return output
    if not request.get('ip-src') and request.get('ip-dst'):
        misperrors['error'] = "Unsupported attributes type."
        return output
    profile = {'success': True, 'config': config, 'playbook': 'generic'}
    if 'ip-src' in request:
        profile.update({'value': request.get('ip-src')})
    else:
        profile.update({'value': request.get('ip-dst')})
    return profile


def handler(q=False):
    """Handle gathering data."""
    if not q:
        return q
    request = json.loads(q)
    checks = check_query(request)
    if not checks['success']:
        return misperrors

    try:
        bs = Backscatter(checks['config']['api_key'])
        response = bs.get_observations(query=checks['value'], query_type='ip')
        if not response['success']:
            misperrors['error'] = '%s: %s' % (response['error'], response['message'])
            return misperrors
        output = {'results': [{'types': mispattributes['output'], 'values': [str(response)]}]}
    except Exception as e:
        misperrors['error'] = str(e)
        return misperrors

    return output


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo