mstoeck3/timesketch_misp
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

progress

Browse Source
This commit is contained in:
overcuriousity 2025-07-30 22:15:14 +02:00
parent 40cd619180
commit f019b8b5c4
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
misp_analyzer.py
View File

@ -124,6 +124,7 @@ class MispAnalyzer(interface.BaseAnalyzer):
return []
try:
# For IP searches, query both ip-src and ip-dst
search_types = []
if attr.startswith("ip-"):
search_types = ["ip-src", "ip-dst"]
@ -133,7 +134,6 @@ class MispAnalyzer(interface.BaseAnalyzer):
all_results = []
for search_type in search_types:
payload = {
"returnFormat": "json",
"value": value,
@ -151,10 +151,8 @@ class MispAnalyzer(interface.BaseAnalyzer):
"includeDecayScore": False,
"includeFullModel": False,
})
logger.debug(f"Community search enabled for {value} ({search_type})")
else:
payload["distribution"] = [0]
logger.debug(f"Own org search only for {value} ({search_type})")
self.stats['api_calls'] += 1
@ -169,18 +167,10 @@ class MispAnalyzer(interface.BaseAnalyzer):
if response.status_code == 200:
data = response.json()
attributes = data.get("response", {}).get("Attribute", [])
for i, attr_data in enumerate(attributes):
event_data = attr_data.get("Event", {})
all_results.extend(attributes)
time.sleep(0.1)
unique_event_ids = set()
for attr_data in all_results:
event_id = attr_data.get("Event", {}).get("id")
if event_id:
unique_event_ids.add(event_id)
return all_results
except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e: