fix: [tags] tags as notes for events - see issue #4

MISP · Feb 7, 2019 · d9ddb08 · d9ddb08
1 parent 0015cbb
commit d9ddb08
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/MISP_maltego/transforms/common/util.py b/src/MISP_maltego/transforms/common/util.py
@@ -154,6 +154,9 @@ def attribute_to_entity(a, link_label=None, event_tags=None):
                 # ignore all misp-galaxies
                 if t['name'].startswith('misp-galaxy'):
                     continue
+                # ignore all those we add as notes
+                if tag_matches_note_prefix(t['name']):
+                    continue
                 yield Hashtag(t['name'])
 
     notes = convert_tags_to_note(combined_tags)
@@ -309,6 +312,13 @@ def convert_tags_to_note(tags):
     return '\n'.join(notes)
 
 
+def tag_matches_note_prefix(tag):
+    for tag_note_prefix in tag_note_prefixes:
+        if tag.startswith(tag_note_prefix):
+            return True
+    return False
+
+
 def event_to_entity(e, link_style=LinkStyle.Normal):
     tags = []
     if 'Tag' in e['Event']:

diff --git a/src/MISP_maltego/transforms/eventtoattributes.py b/src/MISP_maltego/transforms/eventtoattributes.py
@@ -2,7 +2,7 @@
 from canari.maltego.transform import Transform
 # from canari.framework import EnableDebugWindow
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject
-from MISP_maltego.transforms.common.util import get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes
+from MISP_maltego.transforms.common.util import get_misp_connection, attribute_to_entity, event_to_entity, galaxycluster_to_entity, object_to_entity, object_to_attributes, tag_matches_note_prefix
 from canari.maltego.message import LinkStyle
 
 import json
@@ -33,13 +33,17 @@ def do_transform(self, request, response, config):
         if not event_json.get('Event'):
             return response
 
+        response += event_to_entity(event_json)
         event_tags = []
         if 'Tag' in event_json['Event']:
             for t in event_json['Event']['Tag']:
                 event_tags.append(t['name'])
                 # ignore all misp-galaxies
                 if t['name'].startswith('misp-galaxy'):
                     continue
+                # ignore all those we add as notes
+                if tag_matches_note_prefix(t['name']):
+                    continue
                 response += Hashtag(t['name'])
         for g in event_json['Event']['Galaxy']:
             for c in g['GalaxyCluster']: