AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-09-20 07:58:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: [TheHive feeder] create alert

Browse source
This commit is contained in:
Terrtia 2020-07-14 15:58:27 +02:00
parent 4306da666b
commit 97905367b6
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bin/MISP_The_Hive_feeder.py
View file

@ -58,15 +58,15 @@ from thehive4py.models import Case, CaseTask, CustomFieldHelper
def create_the_hive_alert(source, path, tag):
def create_the_hive_alert(source, item_id, tag):
# # TODO: check items status (processed by all modules)
# # TODO: add item metadata: decoded content, link to auto crawled content, pgp correlation, cryptocurrency correlation...
# # # TODO: description, add AIL link:show items ?
tags = list( r_serv_metadata.smembers('tag:{}'.format(path)) )
tags = list( r_serv_metadata.smembers('tag:{}'.format(item_id)) )
artifacts = [
AlertArtifact( dataType='uuid-ail', data=r_serv_db.get('ail:uuid') ),
AlertArtifact( dataType='file', data=path, tags=tags )
AlertArtifact( dataType='file', data=item_id, tags=tags )
]
# Prepare the sample Alert
@ -115,7 +115,7 @@ def feeder(message, count=0):
if HiveApi != False:
if int(r_serv_db.get('hive:auto-alerts')) == 1:
if r_serv_db.sismember('whitelist_hive', tag):
create_the_hive_alert(source, path, tag)
create_the_hive_alert(source, item_id, tag)
else:
print('hive, auto alerts creation disable')
if flag_misp: