new: in MISP? machine fixes #8

MISP · Feb 8, 2019 · cb485d6 · cb485d6
1 parent 35a2ed4
commit cb485d6
Show file tree

Hide file tree

Showing 2 changed files with 119 additions and 0 deletions.
diff --git a/src/MISP_maltego/resources/maltego/misp_inMISP.machine b/src/MISP_maltego/resources/maltego/misp_inMISP.machine
@@ -0,0 +1,24 @@
+machine("misp.inMISP", 
+        displayName:"in MISP?", 
+        author:"Christophe Vandeplas",
+        description: "Bookmarks in GREEN data that is in MISP") {
+    start {
+        paths {
+            run("MISP_maltego.AliasInMISP")
+            run("MISP_maltego.ASInMISP")
+            run("MISP_maltego.CompanyInMISP")
+            run("MISP_maltego.DNSNameInMISP")
+            run("MISP_maltego.DomainInMISP")
+            run("MISP_maltego.EmailAddressInMISP")
+            run("MISP_maltego.FileInMISP")
+            run("MISP_maltego.HashInMISP")
+            run("MISP_maltego.HashtagInMISP")
+            run("MISP_maltego.IPv4AddressInMISP")
+            run("MISP_maltego.NSRecordInMISP")
+            run("MISP_maltego.PhoneNumberInMISP")
+            run("MISP_maltego.TwitterInMISP")
+            run("MISP_maltego.URLInMISP")
+            run("MISP_maltego.WebsiteInMISP")
+        }
+    }
+}
diff --git a/src/MISP_maltego/transforms/attributetoevent.py b/src/MISP_maltego/transforms/attributetoevent.py
@@ -15,6 +15,26 @@
 __status__ = 'Development'
 
 
+# @EnableDebugWindow
+class AttributeInMISP(Transform):
+    """This method puts a green bookmark on each of the Entities that are present in the MISP database"""
+    display_name = 'in MISP?'
+    input_type = None
+
+    def do_transform(self, request, response, config):
+        maltego_misp_attribute = request.entity
+        misp = get_misp_connection(config)
+        events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
+        in_misp = False
+        for e in events_json['response']:
+            in_misp = True
+            break
+        if in_misp:
+            request.entity.bookmark = Bookmark.Green
+            response += request.entity
+        return response
+
+
 # @EnableDebugWindow
 class AttributeToEvent(Transform):
     # The transform input entity type.
@@ -102,3 +122,78 @@ class TwitterToEvent(AttributeToEvent):
 
 class CompanyToEvent(AttributeToEvent):
     input_type = Company
+
+
+class HashInMISP(AttributeInMISP):
+    display_name = 'Hash in MISP?'
+    input_type = Hash
+
+
+class DomainInMISP(AttributeInMISP):
+    display_name = 'Domain in MISP?'
+    input_type = Domain
+
+
+class IPv4AddressInMISP(AttributeInMISP):
+    display_name = 'IPv4Address in MISP?'
+    input_type = IPv4Address
+
+
+class URLInMISP(AttributeInMISP):
+    display_name = 'URL in MISP?'
+    input_type = URL
+
+
+class DNSNameInMISP(AttributeInMISP):
+    display_name = 'DNSName in MISP?'
+    input_type = DNSName
+
+
+class ASInMISP(AttributeInMISP):
+    display_name = 'AS in MISP?'
+    input_type = AS
+
+
+class WebsiteInMISP(AttributeInMISP):
+    display_name = 'Website in MISP?'
+    input_type = Website
+
+
+class NSRecordInMISP(AttributeInMISP):
+    display_name = 'NSRecord in MISP?'
+    input_type = NSRecord
+
+
+class PhoneNumberInMISP(AttributeInMISP):
+    display_name = 'PhoneNumber in MISP?'
+    input_type = PhoneNumber
+
+
+class EmailAddressInMISP(AttributeInMISP):
+    display_name = 'EmailAddress in MISP?'
+    input_type = EmailAddress
+
+
+class FileInMISP(AttributeInMISP):
+    display_name = 'File in MISP?'
+    input_type = File
+
+
+class HashtagInMISP(AttributeInMISP):
+    display_name = 'Hashtag in MISP?'
+    input_type = Hashtag
+
+
+class AliasInMISP(AttributeInMISP):
+    display_name = 'Alias in MISP?'
+    input_type = Alias
+
+
+class TwitterInMISP(AttributeInMISP):
+    display_name = 'Twitter in MISP?'
+    input_type = Twitter
+
+
+class CompanyInMISP(AttributeInMISP):
+    display_name = 'Company in MISP?'
+    input_type = Company