mstoeck3/timesketch_misp
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

misp_analyzer.py aktualisiert

Browse Source
This commit is contained in:
Mario Stöckl 2025-07-30 13:57:13 +00:00
parent f52710cfb6
commit ce289041ba
1 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
misp_analyzer.py
View File

@ -61,43 +61,31 @@ class MispAnalyzer(interface.BaseAnalyzer):
"query_string": "md5_hash:*",
"attr": "md5",
"timesketch_attr": "md5_hash",
"include_community": False, # Start with own org only
"include_community": True,
},
{
"query_string": "sha1_hash:*",
"attr": "sha1",
"timesketch_attr": "sha1_hash",
"include_community": False,
"include_community": True,
},
{
"query_string": "sha256_hash:*",
"attr": "sha256",
"timesketch_attr": "sha256_hash",
"include_community": False,
"include_community": True,
},
{
"query_string": "filename:*",
"attr": "filename",
"timesketch_attr": "filename",
"include_community": False,
},
{
"query_string": "message:*",
"attr": "ip-src",
"timesketch_attr": "message",
"include_community": False,
},
{
"query_string": "message:*",
"attr": "ip-dst",
"timesketch_attr": "message",
"include_community": False,
"include_community": True,
},
{
"query_string": "source_ip:*",
"attr": "ip-src",
"timesketch_attr": "source_ip",
"include_community": False,
"include_community": True,
},
]
return to_query