From f019b8b5c4b8fed2c19e6e179ad180a694b7fbd9 Mon Sep 17 00:00:00 2001
From: overcuriousity
Date: Wed, 30 Jul 2025 22:15:14 +0200
Subject: [PATCH] progress
---
 misp_analyzer.py | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/misp_analyzer.py b/misp_analyzer.py
index 163b1f6..f166904 100644
--- a/misp_analyzer.py
+++ b/misp_analyzer.py
@@ -124,6 +124,7 @@ class MispAnalyzer(interface.BaseAnalyzer):
 return []
 try:
+ # For IP searches, query both ip-src and ip-dst
 search_types = []
 if attr.startswith("ip-"):
 search_types = ["ip-src", "ip-dst"]
@@ -133,7 +134,6 @@ class MispAnalyzer(interface.BaseAnalyzer):
 all_results = []
 for search_type in search_types:
-
 payload = {
 "returnFormat": "json",
 "value": value,
@@ -151,10 +151,8 @@ class MispAnalyzer(interface.BaseAnalyzer):
 "includeDecayScore": False,
 "includeFullModel": False,
 })
- logger.debug(f"Community search enabled for {value} ({search_type})")
 else:
 payload["distribution"] = [0]
- logger.debug(f"Own org search only for {value} ({search_type})")
 self.stats['api_calls'] += 1
@@ -169,18 +167,10 @@ class MispAnalyzer(interface.BaseAnalyzer):
 if response.status_code == 200:
 data = response.json()
 attributes = data.get("response", {}).get("Attribute", [])
- for i, attr_data in enumerate(attributes):
- event_data = attr_data.get("Event", {})
 all_results.extend(attributes)
 time.sleep(0.1)
- unique_event_ids = set()
- for attr_data in all_results:
- event_id = attr_data.get("Event", {}).get("id")
- if event_id:
- unique_event_ids.add(event_id)
-
 return all_results
 except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e:
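Review bot: In the last hunk (`@@ -169,18 +167,10 @@`) a response whose status is not 200 is dropped without a trace: no line between `if response.status_code == 200:` and `return all_results` handles any other status, and this commit also removes the debug logging on the same path. For a threat-intel enrichment analyzer, an authentication failure or a rate-limit response from MISP then looks exactly like "indicator not known", which is a silent false negative. I would add an `else:` branch to that check, for example `logger.warning("MISP search (%s) returned HTTP %s", search_type, response.status_code)`, so failed lookups can be told apart from empty results. The enclosing method starts before the hunk and continues past it, and the page's indentation is lost, so the exact nesting of that branch should be confirmed against the file.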