
Commit c51dfe7

authored
Merge pull request #30 from UncoderIO/iocs_source_ip_support
Added source_ip support for IOCs
2 parents c940ca4 + 190db02 commit c51dfe7


3 files changed

+31
-24
lines changed


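--- a/translator/app/translator/const.py
+++ b/translator/app/translator/const.py
@@ -5,4 +5,6 @@
 
 CTI_MIN_LIMIT_QUERY = 10000
 
+CTI_IOCS_PER_QUERY_LIMIT = 25
+
 DEFAULT_VALUE_TYPE = Union[Union[int, str, List[int], List[str]]]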

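--- a/translator/app/translator/core/parser_cti.py
+++ b/translator/app/translator/core/parser_cti.py
@@ -21,10 +21,12 @@ def get_total_count(self) -> int:
             hash_len += len(value)
         return len(self.ip) + len(self.url) + len(self.domain) + hash_len
 
-    def return_iocs(self) -> dict:
+    def return_iocs(self, include_source_ip: bool = False) -> dict:
         if all(not value for value in [self.ip, self.url, self.domain, self.hash_dict]):
             raise EmptyIOCSException()
         result = {"DestinationIP": self.ip, "URL": self.url, "Domain": self.domain}
+        if include_source_ip:
+            result["SourceIP"] = self.ip
         for key, value in self.hash_dict.items():
             result[HASH_MAP[key]] = value
         return result
@@ -33,14 +35,15 @@ def return_iocs(self) -> dict:
 class CTIParser:
 
     def get_iocs_from_string(
-        self,
-        string: str,
-        include_ioc_types: Optional[List[IOCType]] = None,
-        include_hash_types: Optional[List[HashType]] = None,
-        exceptions: Optional[List[str]] = None,
-        ioc_parsing_rules: Optional[List[IocParsingRule]] = None,
-        limit: Optional[int] = None
-    ) -> Iocs:
+        self,
+        string: str,
+        include_ioc_types: Optional[List[IOCType]] = None,
+        include_hash_types: Optional[List[HashType]] = None,
+        exceptions: Optional[List[str]] = None,
+        ioc_parsing_rules: Optional[List[IocParsingRule]] = None,
+        limit: Optional[int] = None,
+        include_source_ip: bool = False
+    ) -> dict:
         iocs = Iocs()
         string = self.replace_dots_hxxp(string, ioc_parsing_rules)
         if not include_ioc_types or "ip" in include_ioc_types:
@@ -62,7 +65,7 @@ def get_iocs_from_string(
             total_count = iocs.get_total_count()
             if total_count > limit:
                 raise IocsLimitExceededException(f"IOCs count {total_count} exceeds limit {limit}.")
-        return iocs.return_iocs()
+        return iocs.return_iocs(include_source_ip)
 
     def replace_dots_hxxp(self, string, ioc_parsing_rules):
         if ioc_parsing_rules is None or "replace_dots" in ioc_parsing_rules: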
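Review bot: `result["SourceIP"] = self.ip` in the first hunk stores the very same list object that `"DestinationIP"` already holds, so any later in-place edit of one entry (deduplication, filtering, chunking that pops items) silently shows up in the other; `result["SourceIP"] = list(self.ip)` gives each key its own copy. The limit check in the third hunk still compares `iocs.get_total_count()`, which counts each IP once, while with `include_source_ip` the returned dict carries every IP twice, so the emitted query can be up to twice the size the limit was meant to bound; at least a comment above the check such as `# counts each IP once; SourceIP duplicates the IP list when include_source_ip is set` is warranted, or the duplication should be folded into the count. In the same hunk `iocs.return_iocs(include_source_ip)` passes a bare boolean positionally; `iocs.return_iocs(include_source_ip=include_source_ip)` reads unambiguously. Neither `return_iocs` nor `get_iocs_from_string` documents the new parameter; a docstring line like `include_source_ip: also emit the parsed IP list under the "SourceIP" key` would cover both.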

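--- a/translator/app/translator/cti_translator.py
+++ b/translator/app/translator/cti_translator.py
@@ -1,7 +1,7 @@
 import logging
 from typing import Dict, List
 
-from app.translator.const import CTI_MIN_LIMIT_QUERY
+from app.translator.const import CTI_MIN_LIMIT_QUERY, CTI_IOCS_PER_QUERY_LIMIT
 from app.translator.core.models.iocs import IocsChunkValue
 from app.translator.core.parser_cti import CTIParser, Iocs
 from app.translator.core.render_cti import RenderCTI
@@ -17,44 +17,46 @@ def __init__(self):
         self.logger = logging.getLogger("cti_converter")
         self.parser = CTIParser()
 
-    def _get_render_mapping(self, platform: CTIPlatform, include_source_ip: bool = False) -> Dict[str, str]:
-        return self.renders.get(platform.name).default_mapping
-
     @handle_translation_exceptions
-    def __parse_iocs_from_string(self, text: str, include_ioc_types: list = None, include_hash_types: list = None,
-                                 exceptions: list = None, ioc_parsing_rules: list = None) -> Iocs:
+    def __parse_iocs_from_string(self, text: str,
+                                 include_ioc_types: list = None,
+                                 include_hash_types: list = None,
+                                 exceptions: list = None,
+                                 ioc_parsing_rules: list = None,
+                                 include_source_ip: bool = False) -> dict:
         return self.parser.get_iocs_from_string(string=text,
                                                 include_ioc_types=include_ioc_types,
                                                 include_hash_types=include_hash_types,
                                                 exceptions=exceptions,
                                                 ioc_parsing_rules=ioc_parsing_rules,
-                                                limit=CTI_MIN_LIMIT_QUERY)
+                                                limit=CTI_MIN_LIMIT_QUERY,
+                                                include_source_ip=include_source_ip)
 
     @handle_translation_exceptions
-    def __render_translation(self, parsed_data: dict, platform_data: CTIPlatform, iocs_per_query: int,
-                             include_source_ip: bool = False) -> List[str]:
-        mapping = self._get_render_mapping(platform=platform_data, include_source_ip=include_source_ip)
+    def __render_translation(self, parsed_data: dict, platform_data: CTIPlatform, iocs_per_query: int) -> List[str]:
         platform = self.renders.get(platform_data.name)
         platform_generation = self.generate(data=parsed_data, platform=platform, iocs_per_query=iocs_per_query,
-                                            mapping=mapping)
+                                            mapping=platform.default_mapping)
         return platform_generation
 
     def convert(self, text: str,
                 platform_data: CTIPlatform,
-                iocs_per_query: int = 25,
+                iocs_per_query: int = None,
                 include_ioc_types: list = None,
                 include_hash_types: list = None,
                 exceptions: list = None,
                 ioc_parsing_rules: list = None,
                 include_source_ip: bool = False) -> (bool, List[str]):
+        if not iocs_per_query:
+            iocs_per_query = CTI_IOCS_PER_QUERY_LIMIT
         status, parsed_data = self.__parse_iocs_from_string(text=text,
                                                             include_ioc_types=include_ioc_types,
                                                             include_hash_types=include_hash_types,
                                                             exceptions=exceptions,
-                                                            ioc_parsing_rules=ioc_parsing_rules)
+                                                            ioc_parsing_rules=ioc_parsing_rules,
+                                                            include_source_ip=include_source_ip)
         if status:
             return self.__render_translation(parsed_data=parsed_data,
-                                             include_source_ip=include_source_ip,
                                              platform_data=platform_data,
                                              iocs_per_query=iocs_per_query
                                              )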
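Review bot: `if not iocs_per_query:` in `convert` only substitutes the default for `None` and `0`; a negative `iocs_per_query` supplied by a caller still reaches `generate` unchanged, so the guard should read `if iocs_per_query is None or iocs_per_query <= 0: iocs_per_query = CTI_IOCS_PER_QUERY_LIMIT` — or reject invalid values explicitly if callers should not be silently corrected. The new annotation `iocs_per_query: int = None` contradicts its default; `Optional[int] = None`, with `Optional` added to the existing `typing` import in the first hunk, would match the style already used in `parser_cti.py`. With `_get_render_mapping` removed, `Dict` in `from typing import Dict, List` looks unused unless something outside these hunks still references it. `__parse_iocs_from_string` is annotated `-> dict` yet the caller unpacks `status, parsed_data` from it, presumably because `handle_translation_exceptions` wraps the result; a comment above that call, e.g. `# decorator turns the dict into (status, data)`, would spare the next reader the detour.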
