NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commit16138fe

committed

gis-9379 fix

1 parente078abf commit16138feCopy full SHA for 16138fe

File tree

2 files changed

+15

-8

lines changed

uncoder-core/app/translator
- core
  - parser_cti.py
- tools
  - const.py

2 files changed

+15

-8

lines changed

`‎uncoder-core/app/translator/core/parser_cti.py‎`

Lines changed: 11 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -52,13 +52,20 @@ def get_iocs_from_string(`
`52`	`52`	`include_source_ip:Optional[bool]=False,`
`53`	`53`	`)->dict:`
`54`	`54`	`iocs=Iocs()`
`55`		`-string=self.replace_dots_hxxp(string,ioc_parsing_rules)`
`56`	`55`	`ifnotinclude_ioc_typesor"ip"ininclude_ioc_types:`
`57`	`56`	`iocs.ip.extend(self._find_all_str_by_regex(string,IP_IOC_REGEXP_PATTERN))`
`58`	`57`	`ifnotinclude_ioc_typesor"domain"ininclude_ioc_types:`
`59`		`-iocs.domain.extend(self._find_all_str_by_regex(string,DOMAIN_IOC_REGEXP_PATTERN))`
	`58`	`+fordomaininself._find_all_str_by_regex(string,DOMAIN_IOC_REGEXP_PATTERN):`
	`59`	`+fordomain_valindomain:`
	`60`	`+ifdomain_val:`
	`61`	`+iocs.domain.extend(self.replace_dots_hxxp(domain_val))`
`60`	`62`	`ifnotinclude_ioc_typesor"url"ininclude_ioc_types:`
`61`		`-iocs.url.extend([url.rstrip(".")forurlinself._find_all_str_by_regex(string,URL_IOC_REGEXP_PATTERN)])`
	`63`	`+iocs.url.extend(`
	`64`	`+ [`
	`65`	`+self.replace_dots_hxxp(url).rstrip(".")`
	`66`	`+forurlinself._find_all_str_by_regex(string,URL_IOC_REGEXP_PATTERN)`
	`67`	`+ ]`
	`68`	`+ )`
`62`	`69`	`ifnotinclude_ioc_typesor"hash"ininclude_ioc_types:`
`63`	`70`	`ifnotinclude_hash_types:`
`64`	`71`	`include_hash_types=list(hash_regexes.keys())`
`@@ -74,7 +81,7 @@ def get_iocs_from_string(`
`74`	`81`	`raiseIocsLimitExceededException(f"IOCs count{total_count} exceeds limit{limit}.")`
`75`	`82`	`returniocs.return_iocs(include_source_ip)`
`76`	`83`
`77`		`-defreplace_dots_hxxp(self,string:str,ioc_parsing_rules:Optional[list[IocParsingRule]])->str:`
	`84`	`+defreplace_dots_hxxp(self,string:str,ioc_parsing_rules:Optional[list[IocParsingRule]]=None)->str:`
`78`	`85`	`ifioc_parsing_rulesisNoneor"replace_dots"inioc_parsing_rules:`
`79`	`86`	`string=self._replace_dots(string)`
`80`	`87`	`ifioc_parsing_rulesisNoneor"replace_hxxp"inioc_parsing_rules:`

`‎uncoder-core/app/translator/tools/const.py‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,11 +6,11 @@`
`6`	`6`
`7`	`7`	`IOCType=Literal["ip","domain","url","hash"]`
`8`	`8`	`HashType=Literal["md5","sha1","sha256","sha512"]`
`9`		`-IocParsingRule=Literal["replace_dots","remove_private_and_reserved_ips","replace_hxxp"]`
	`9`	`+IocParsingRule=Literal["remove_private_and_reserved_ips"]`
`10`	`10`
`11`	`11`	`DefaultIOCType=list(get_args(IOCType))`
`12`	`12`	`DefaultHashType=list(get_args(HashType))`
`13`		`-DefaultIocParsingRule=list(get_args(Literal["remove_private_and_reserved_ips"]))`
	`13`	`+DefaultIocParsingRule=list(get_args(IocParsingRule))`
`14`	`14`
`15`	`15`	`HASH_MAP= {"md5":"HashMd5","sha1":"HashSha1","sha256":"HashSha256","sha512":"HashSha512"}`
`16`	`16`
`@@ -22,10 +22,10 @@`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`LOGSOURCE_MAP= {`
`25`		`-"hash": {"category":"process_creation"},`
	`25`	`+"hash": {"category":"file_event"},`
`26`	`26`	`"domain": {"category":"proxy"},`
`27`	`27`	`"url": {"category":"proxy"},`
`28`		`-"ip": {"category":"proxy"},`
	`28`	`+"ip": {"category":"firewall"},`
`29`	`29`	`"emails": {"category":"mail"},`
`30`	`30`	`"files": {"category":"file_event"},`
`31`	`31`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit16138fe

File tree

2 files changed

2 files changed

`‎uncoder-core/app/translator/core/parser_cti.py‎`

`‎uncoder-core/app/translator/tools/const.py‎`

0 commit comments