forked from MISP/misp-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
/
backscatter_io.py
74 lines (63 loc) · 2.29 KB
/
backscatter_io.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# -*- coding: utf-8 -*-
"""Backscatter.io Module."""
import json
try:
from backscatter import Backscatter
except ImportError:
print("Backscatter.io library not installed.")
misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
moduleinfo = {'version': '1', 'author': '[email protected]',
'description': 'Backscatter.io module to bring mass-scanning observations into MISP.',
'module-type': ['expansion', 'hover']}
moduleconfig = ['api_key']
query_playbook = [
{'inputs': ['ip-src', 'ip-dst'],
'services': ['observations', 'enrichment'],
'name': 'generic'}
]
def check_query(request):
"""Check the incoming request for a valid configuration."""
output = {'success': False}
config = request.get('config', None)
if not config:
misperrors['error'] = "Configuration is missing from the request."
return output
for item in moduleconfig:
if config.get(item, None):
continue
misperrors['error'] = "Backscatter.io authentication is missing."
return output
if not request.get('ip-src') and request.get('ip-dst'):
misperrors['error'] = "Unsupported attributes type."
return output
profile = {'success': True, 'config': config, 'playbook': 'generic'}
if 'ip-src' in request:
profile.update({'value': request.get('ip-src')})
else:
profile.update({'value': request.get('ip-dst')})
return profile
def handler(q=False):
"""Handle gathering data."""
if not q:
return q
request = json.loads(q)
checks = check_query(request)
if not checks['success']:
return misperrors
try:
bs = Backscatter(checks['config']['api_key'])
response = bs.get_observations(query=checks['value'], query_type='ip')
if not response['success']:
misperrors['error'] = '%s: %s' % (response['error'], response['message'])
return misperrors
output = {'results': [{'types': mispattributes['output'], 'values': [str(response)]}]}
except Exception as e:
misperrors['error'] = str(e)
return misperrors
return output
def introspection():
return mispattributes
def version():
moduleinfo['config'] = moduleconfig
return moduleinfo