new: [query] country search added against the threat actor db

curl --silent -d '{"country":"IR"}' -H "Content-Type: application/json" -X POST http://127.0.0.1:8889/query | jq .
pull/2/head
Alexandre Dulaunoy 2020-05-28 10:13:04 +02:00
parent 21388db009
commit d883cea43a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 12 additions and 3 deletions


@ -16,7 +16,7 @@ class Query(tornado.web.RequestHandler):
def post(self): def post(self):
query = json_decode(self.request.body) query = json_decode(self.request.body)
if not ('uuid' in query or 'name' in query): if not ('uuid' in query or 'name' in query or 'country' in query):
return self.write(json.dumps("'error': 'Incorrect query format'")) return self.write(json.dumps("'error': 'Incorrect query format'"))
user_agent = self.request.headers["User-Agent"] user_agent = self.request.headers["User-Agent"]
if 'uuid' in query: if 'uuid' in query:
@ -28,8 +28,13 @@ class Query(tornado.web.RequestHandler):
if query['name'].lower() not in tai_names: if query['name'].lower() not in tai_names:
result = {'error': 'Name or synomym is not known in the MISP galaxy threat-actor'} result = {'error': 'Name or synomym is not known in the MISP galaxy threat-actor'}
return self.write("{}".format(json.dumps(result))) return self.write("{}".format(json.dumps(result)))
for uuid in tai_names[query['name'].lower()]:
result = [] result = []
for uuid in tai_names[query['name'].lower()]:
result.append(tai_full[uuid])
if 'country' in query:
ta = tai_country[query['country'].lower()]
result = []
for uuid in tai_country[query['country'].lower()]:
result.append(tai_full[uuid]) result.append(tai_full[uuid])
print("Query {} from {}".format(query, user_agent)) print("Query {} from {}".format(query, user_agent))
return self.write("{}".format(json.dumps(result))) return self.write("{}".format(json.dumps(result)))
@ -68,6 +73,7 @@ with open('../misp-galaxy/clusters/threat-actor.json', 'rb') as galaxyta:
tai_full = {} tai_full = {}
tai_names = {} tai_names = {}
tai_info = {} tai_info = {}
tai_country = {}
tai_info['version'] = threat_actors['version'] tai_info['version'] = threat_actors['version']
tai_info['number_actors'] = 0 tai_info['number_actors'] = 0
@ -86,7 +92,10 @@ for threat_actor in threat_actors['values']:
tai_names[synonym.lower()] = [] tai_names[synonym.lower()] = []
tai_names[synonym.lower()].append(threat_actor['uuid']) tai_names[synonym.lower()].append(threat_actor['uuid'])
tai_info['number_synonyms'] += 1 tai_info['number_synonyms'] += 1
if 'country' in threat_actor['meta']:
if not threat_actor['meta']['country'].lower() in tai_country:
tai_country[threat_actor['meta']['country'].lower()] = []
tai_country[threat_actor['meta']['country'].lower()].append(threat_actor['uuid'])
if __name__ == "__main__": if __name__ == "__main__":
application.listen(8889) application.listen(8889)
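Review bot: In the second hunk an unknown country reaches `tai_country[query['country'].lower()]` on the new `ta = ...` line with no membership check, so the lookup raises KeyError (presumably surfaced by Tornado as a 500) instead of the JSON error the name branch returns two lines earlier; the `ta` value is also never read afterwards. Mirror the name branch before the country loop and drop the `ta` line: `if query['country'].lower() not in tai_country:` / `    result = {'error': 'Country is not known in the MISP galaxy threat-actor'}` / `    return self.write("{}".format(json.dumps(result)))`. When a request carries both 'name' and 'country', the country branch silently resets `result` and discards the name matches; if that precedence is intended, a one-line comment above `if 'country' in query:` saying so would spare the next reader a surprise. The enclosing post() starts in the previous hunk, outside this one.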