sfp_greynoise & sfp_greynoise_community: Remove reporting of

non-malicious entities.
n3mas1s · Nov 9, 2022 · 3ce4bd6 · 3ce4bd6
1 parent 71822ca
commit 3ce4bd6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 73 deletions.
diff --git a/modules/sfp_greynoise.py b/modules/sfp_greynoise.py
@@ -107,39 +107,21 @@ def producedEvents(self):
 
     def queryIP(self, qry, qry_type):
         gn_context_url = "https://api.greynoise.io/v2/noise/context/"
-        gn_riot_url = "https://api.greynoise.io/v2/riot/"
         gn_gnql_url = "https://api.greynoise.io/v2/experimental/gnql?query="
 
         headers = {"key": self.opts["api_key"]}
         res = {}
         if qry_type == "ip":
             self.debug(f"Querying GreyNoise for IP: {qry}")
-            ip_res = {}
-            riot_res = {}
+            res = {}
             ip_response = self.sf.fetchUrl(
                 gn_context_url + qry,
                 timeout=self.opts["_fetchtimeout"],
                 useragent="greynoise-spiderfoot-v1.2.0",
                 headers=headers,
             )
             if ip_response["code"] == "200":
-                ip_res = json.loads(ip_response["content"])
-            riot_response = self.sf.fetchUrl(
-                gn_riot_url + qry,
-                timeout=self.opts["_fetchtimeout"],
-                useragent="greynoise-spiderfoot-v1.2.0",
-                headers=headers,
-            )
-            if riot_response["code"] in ["200", "404"]:
-                riot_res = json.loads(riot_response["content"])
-
-            if ip_res and not riot_res:
-                res = ip_res
-            elif riot_res and not ip_res:
-                res = riot_res
-            else:
-                res = ip_res.copy()
-                res.update(riot_res)
+                res = json.loads(ip_response["content"])
         else:
             self.debug(f"Querying GreyNoise for Netblock: {qry}")
             query_response = self.sf.fetchUrl(
@@ -221,7 +203,7 @@ def handleEvent(self, event):
         if not ret:
             return
 
-        if "data" not in ret and "seen" not in ret and "riot" not in ret:
+        if "data" not in ret and "seen" not in ret:
             return
 
         if "data" in ret and len(ret["data"]) > 0:
@@ -326,31 +308,4 @@ def handleEvent(self, event):
                     e = SpiderFootEvent(evtType, descr, self.__name__, event)
                     self.notifyListeners(e)
 
-        if "riot" in ret:
-            if ret.get("riot", None):
-                lastseen = ret.get("last_updated", "1970-01-01")
-                lastseen = lastseen.split("T")[0]
-                lastseen_dt = datetime.strptime(lastseen, "%Y-%m-%d")
-                lastseen_ts = int(time.mktime(lastseen_dt.timetuple()))
-                age_limit_ts = int(time.time()) - (86400 * self.opts["age_limit_days"])
-                if self.opts["age_limit_days"] > 0 and lastseen_ts < age_limit_ts:
-                    self.debug("Record found but too old, skipping.")
-                    return
-
-                if ret.get("trust_level"):
-                    descr = (
-                        "GreyNoise - Common-Business Service IP Detected ["
-                        + eventData
-                        + "]\n - Trust Level: "
-                        + ret.get("trust_level")
-                    )
-                    if ret.get("name"):
-                        descr += "\n - " + "Provider Name: " + ret.get("name")
-                    if ret.get("category"):
-                        descr += "\n - " + "Provider Category: " + ret.get("category")
-                    descr += "\n<SFURL>https://viz.greynoise.io/ip/" + ret.get("ip") + "</SFURL>"
-                    e = SpiderFootEvent(evtType, descr, self.__name__, event)
-                    self.notifyListeners(e)
-
-
 # End of sfp_greynoise class
diff --git a/modules/sfp_greynoise_community.py b/modules/sfp_greynoise_community.py
@@ -146,7 +146,7 @@ def handleEvent(self, event):
         if not ret:
             return
 
-        if "data" not in ret and "noise" not in ret and "riot" not in ret:
+        if "data" not in ret and "noise" not in ret:
             return
 
         if "noise" in ret:
@@ -177,28 +177,4 @@ def handleEvent(self, event):
                     e = SpiderFootEvent(evtType, descr, self.__name__, event)
                     self.notifyListeners(e)
 
-        if "riot" in ret:
-            if ret.get("riot", None):
-                lastseen = ret.get("last_seen", "1970-01-01")
-                lastseen = lastseen.split("T")[0]
-                lastseen_dt = datetime.strptime(lastseen, "%Y-%m-%d")
-                lastseen_ts = int(time.mktime(lastseen_dt.timetuple()))
-                age_limit_ts = int(time.time()) - (86400 * self.opts["age_limit_days"])
-                if self.opts["age_limit_days"] > 0 and lastseen_ts < age_limit_ts:
-                    self.debug("Record found but too old, skipping.")
-                    return
-                e = SpiderFootEvent("RAW_RIR_DATA", str(ret), self.__name__, event)
-                self.notifyListeners(e)
-
-                if ret.get("name"):
-                    descr = (
-                            "GreyNoise - Common-Business Service IP Detected ["
-                            + eventData
-                    )
-                    descr += "\n - " + "Provider Name: " + ret.get("name")
-                descr += "\n<SFURL>https://viz.greynoise.io/ip/" + ret.get("ip") + "</SFURL>"
-                e = SpiderFootEvent(evtType, descr, self.__name__, event)
-                self.notifyListeners(e)
-
-
 # End of sfp_greynoise_community class