mstoeck3/timesketch_misp
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

progress

Browse Source
This commit is contained in:
overcuriousity 2025-07-30 22:15:14 +02:00
parent 40cd619180
commit f019b8b5c4
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
misp_analyzer.py
View File

@ -124,6 +124,7 @@ class MispAnalyzer(interface.BaseAnalyzer):
return [] return []
try: try:
# For IP searches, query both ip-src and ip-dst
search_types = [] search_types = []
if attr.startswith("ip-"): if attr.startswith("ip-"):
search_types = ["ip-src", "ip-dst"] search_types = ["ip-src", "ip-dst"]
@ -133,7 +134,6 @@ class MispAnalyzer(interface.BaseAnalyzer):
all_results = [] all_results = []
for search_type in search_types: for search_type in search_types:
payload = { payload = {
"returnFormat": "json", "returnFormat": "json",
"value": value, "value": value,
@ -151,10 +151,8 @@ class MispAnalyzer(interface.BaseAnalyzer):
"includeDecayScore": False, "includeDecayScore": False,
"includeFullModel": False, "includeFullModel": False,
}) })
logger.debug(f"Community search enabled for {value} ({search_type})")
else: else:
payload["distribution"] = [0] payload["distribution"] = [0]
logger.debug(f"Own org search only for {value} ({search_type})")
self.stats['api_calls'] += 1 self.stats['api_calls'] += 1
@ -169,18 +167,10 @@ class MispAnalyzer(interface.BaseAnalyzer):
if response.status_code == 200: if response.status_code == 200:
data = response.json() data = response.json()
attributes = data.get("response", {}).get("Attribute", []) attributes = data.get("response", {}).get("Attribute", [])
for i, attr_data in enumerate(attributes):
event_data = attr_data.get("Event", {})
all_results.extend(attributes) all_results.extend(attributes)
time.sleep(0.1) time.sleep(0.1)
unique_event_ids = set()
for attr_data in all_results:
event_id = attr_data.get("Event", {}).get("id")
if event_id:
unique_event_ids.add(event_id)
return all_results return all_results
except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e: except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e: