mirror of https://github.com/MISP/misp-modules
Modules for expansion services, import and export in MISP
http://misp.github.io/misp-modules
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 lines
1.4 KiB
61 lines
1.4 KiB
import json |
|
import base64 |
|
|
|
misperrors = {'error': 'Error'} |
|
userConfig = { }; |
|
|
|
inputSource = ['file'] |
|
|
|
moduleinfo = {'version': '0.1', 'author': 'Richard van den Berg', |
|
'description': 'MISP JSON format import module for merging MISP events', |
|
'module-type': ['import']} |
|
|
|
moduleconfig = [] |
|
|
|
|
|
def handler(q=False): |
|
if q is False: |
|
return False |
|
r = {'results': []} |
|
request = json.loads(q) |
|
try: |
|
mfile = base64.b64decode(request["data"]).decode('utf-8') |
|
misp = json.loads(mfile) |
|
event = misp['response'][0]['Event'] |
|
for a in event["Attribute"]: |
|
tmp = {} |
|
tmp["values"] = a["value"] |
|
tmp["categories"] = a["category"] |
|
tmp["types"] = a["type"] |
|
tmp["to_ids"] = a["to_ids"] |
|
tmp["comment"] = a["comment"] |
|
if a.get("data"): |
|
tmp["data"] = a["data"] |
|
r['results'].append(tmp) |
|
except: |
|
pass |
|
return r |
|
|
|
def introspection(): |
|
modulesetup = {} |
|
try: |
|
userConfig |
|
modulesetup['userConfig'] = userConfig |
|
except NameError: |
|
pass |
|
try: |
|
inputSource |
|
modulesetup['inputSource'] = inputSource |
|
except NameError: |
|
pass |
|
return modulesetup |
|
|
|
|
|
def version(): |
|
moduleinfo['config'] = moduleconfig |
|
return moduleinfo |
|
|
|
if __name__ == '__main__': |
|
x = open('test.json', 'r') |
|
r = handler(q=x.read()) |
|
print(json.dumps(r))
|
|
|