[misp-import-file] Create the connector (#1292)
SamuelHassine committed Sep 4, 2024
1 parent ce968f9 commit ec6b6e1
Showing 5 changed files with 24 additions and 13 deletions.
15 changes: 13 additions & 2 deletions .circleci/config.yml
Expand Up @@ -350,7 +350,7 @@ jobs:
name: Build Docker image opencti/connector-group-ib
command: docker build -t opencti/connector-group-ib:latest . && docker tag opencti/connector-group-ib:latest opencti/connector-group-ib:${CIRCLE_TAG}
- run:
working_directory: ~/opencti/external-import/first-epss
working_directory: ~/opencti/internal-enrichment/first-epss
name: Build Docker image opencti/connector-first-epss
command: docker build -t opencti/connector-first-epss:latest . && docker tag opencti/connector-first-epss:latest opencti/connector-first-epss:${CIRCLE_TAG}
- run:
Expand Down Expand Up @@ -775,6 +775,10 @@ jobs:
working_directory: ~/opencti/internal-enrichment/reversinglabs-spectra-intel-submission
name: Build Docker image opencti/connector-reversinglabs-spectra-intel-submission
command: docker build -t opencti/connector-reversinglabs-spectra-intel-submission:latest . && docker tag opencti/connector-reversinglabs-spectra-intel-submission:latest opencti/connector-reversinglabs-spectra-intel-submission:${CIRCLE_TAG}
- run:
working_directory: ~/opencti/internal-import-file/import-file-misp
name: Build Docker image opencti/connector-import-file-misp
command: docker build -t opencti/connector-import-file-misp:latest . && docker tag opencti/connector-import-file-misp:latest opencti/connector-import-file-misp:${CIRCLE_TAG}
- run:
name: Publish Docker Image to Docker Hub
command: |
Expand Down Expand Up @@ -909,6 +913,8 @@ jobs:
docker push opencti/connector-webhook:${CIRCLE_TAG}
docker push opencti/connector-reversinglabs-spectra-intel-submission:latest
docker push opencti/connector-reversinglabs-spectra-intel-submission:${CIRCLE_TAG}
docker push opencti/connector-import-file-misp:latest
docker push opencti/connector-import-file-misp:${CIRCLE_TAG}
- slack/notify:
event: fail
template: basic_fail_1
Expand Down Expand Up @@ -1252,7 +1258,7 @@ jobs:
name: Build Docker image opencti/connector-group-ib
command: docker build -t opencti/connector-group-ib:rolling .
- run:
working_directory: ~/opencti/external-import/first-epss
working_directory: ~/opencti/internal-enrichment/first-epss
name: Build Docker image opencti/connector-first-epss
command: docker build -t opencti/connector-first-epss:rolling .
- run:
Expand Down Expand Up @@ -1611,6 +1617,10 @@ jobs:
working_directory: ~/opencti/internal-enrichment/reversinglabs-spectra-intel-submission
name: Build Docker image opencti/connector-reversinglabs-spectra-intel-submission
command: docker build -t opencti/connector-reversinglabs-spectra-intel-submission:rolling .
- run:
working_directory: ~/opencti/internal-import-file/import-file-misp
name: Build Docker image opencti/connector-import-file-misp
command: docker build -t opencti/connector-import-file-misp:rolling .
- run:
name: Publish Docker Image to Docker Hub
command: |
Expand Down Expand Up @@ -1681,6 +1691,7 @@ jobs:
docker push opencti/connector-jira:rolling
docker push opencti/connector-webhook:rolling
docker push opencti/connector-reversinglabs-spectra-intel-submission:rolling
docker push opencti/connector-import-file-misp:rolling
- slack/notify:
event: fail
template: basic_fail_1
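Review bot: The two new `Build Docker image opencti/connector-import-file-misp` steps run `docker build` in `~/opencti/internal-import-file/import-file-misp`, but none of the file sections shown on this page adds anything under that directory (the fifth section has no visible path, and its content does not look like a new connector). If the directory and its Dockerfile are not already on the branch, both the tagged job and the rolling job would presumably fail at this step before any image is pushed, so it is worth confirming the connector sources land with this change. The matching `docker push opencti/connector-import-file-misp:...` lines depend on the same build succeeding.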
2 changes: 0 additions & 2 deletions external-import/misp-feed/src/config.yml.sample
Expand Up @@ -7,8 +7,6 @@ connector:
type: 'EXTERNAL_IMPORT'
name: 'MISP Feed'
scope: 'misp-feed'
confidence_level: 20 # From 0 (Unknown) to 100 (Fully trusted)
update_existing_data: false
run_and_terminate: false
log_level: 'info'

6 changes: 5 additions & 1 deletion external-import/misp-feed/src/misp-feed.py
Expand Up @@ -874,7 +874,11 @@ def _resolve_type(self, type, value):
else:
return None
else:
if resolved_types[0] == "ipv4-addr":
if (
"resolver" in resolved_types[0]
and resolved_types[0]["resolver"] == "ipv4-addr"
or resolved_types[0] == "ipv4-addr"
):
resolver_0 = self._detect_ip_version(value)
type_0 = self._detect_ip_version(value, True)
else:
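Review bot: The new condition in `_resolve_type` treats `resolved_types[0]` as either a dict or a string without checking which: when it is a string, `"resolver" in resolved_types[0]` is a substring test, and any string that happens to contain `resolver` would then reach `resolved_types[0]["resolver"]` and raise `TypeError`. The test also relies on `and` binding tighter than `or`, which is correct but easy to misread without parentheses. I would make the shape explicit, e.g. `first = resolved_types[0]` followed by `if (isinstance(first, dict) and first.get("resolver") == "ipv4-addr") or first == "ipv4-addr":`, with a short comment saying which element shape each connector actually produces. The same condition is added to `resolve_type` in `external-import/misp/src/misp.py`; both functions start and end outside the visible hunks, so the element type cannot be confirmed from here.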
6 changes: 5 additions & 1 deletion external-import/misp/src/misp.py
Expand Up @@ -2192,7 +2192,11 @@ def resolve_type(self, type, value):
else:
return None
else:
if resolved_types[0]["resolver"] == "ipv4-addr":
if (
"resolver" in resolved_types[0]
and resolved_types[0]["resolver"] == "ipv4-addr"
or resolved_types[0] == "ipv4-addr"
):
resolver_0 = self.detect_ip_version(value)
type_0 = self.detect_ip_version(value, True)
else:
Expand Up @@ -2,7 +2,6 @@
import os
import sys
import time
import uuid
from typing import Dict, List

import yaml
Expand Down Expand Up @@ -44,12 +43,7 @@ def _process_message(self, data: Dict) -> str:
"No container in Stix file. Updating current container"
)
bundle = self._update_container(bundle, entity_id)
bundle = {
"type": "bundle",
"id": "bundle--" + str(uuid.uuid4()),
"objects": bundle,
}
file_content = json.dumps(bundle)
file_content = self.helper.stix2_create_bundle(bundle)
bundles_sent = self.helper.send_stix2_bundle(
file_content,
bypass_validation=bypass_validation,
