new: allow user to enrich objects #9187

righel · 2023-07-11T20:38:09Z

What does it do?

Allow enriching objects. misp-modules can handle objects and can define which template name or uuid applies to certain objects.

When defining your misp-module you can add an object template name as input to the mispattributes dictionary, example:

mispattributes = {
    'input': ['sigmf-recording'],
    'output': [
        'MISP objects'
    ],
    'format': 'misp_standard'
}

sigmf-recording is a object template name, when click on the enrichment icon () in the object envelop, MISP will propose a list of possible enrichments that match that object template:

For accessing the full object in the misp-module, you can do the following:

def handler(q=False):
    request = json.loads(q)
    object = request.get("object")
    ...

Questions

Does it require a DB change?
Are you using it in production?
Does it require a change in the API (PyMISP for example)?

…nt for the template

new: allow user to enrich objects

2c661b5

righel mentioned this pull request Jul 11, 2023

new: add sigmf module to expand a sigmf recording object template MISP/misp-modules#628

Merged

16 tasks

righel added 2 commits August 1, 2023 09:48

Merge branch 'develop' into allow-enrich-objects

1461fea

fix: only show object enrichment icon if theres an available enrichme…

3698fdc

…nt for the template

righel marked this pull request as ready for review August 1, 2023 09:57

righel merged commit 81e0345 into MISP:develop Aug 3, 2023
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

new: allow user to enrich objects #9187

new: allow user to enrich objects #9187

righel commented Jul 11, 2023 •

edited

new: allow user to enrich objects #9187

new: allow user to enrich objects #9187

Conversation

righel commented Jul 11, 2023 • edited

What does it do?

Questions

righel commented Jul 11, 2023 •

edited