def run(unfurl, node):
if not node.data_type == 'mac-address':
long_int = utils.long_int_re.fullmatch(str(node.value))
m = utils.mac_addr_re.fullmatch(str(node.value))
if m and not long_int:
u = m.group('mac_addr')
# Check if we need to add colons
if len(u) == 12:
pretty_mac = ':'.join([u[i]+u[i+1] for i in range(0, 12, 2)])
else:
pretty_mac = u.upper()
unfurl.add_to_queue(
data_type='mac-address', key=None, value=pretty_mac, label=f'MAC address: {pretty_mac}',
parent_id=node.node_id, incoming_edge_config=uuid_edge)
elif node.data_type == 'mac-address' and unfurl.api_keys.get('macaddress_io') and unfurl.remote_lookups:
client = maclookup.ApiClient(unfurl.api_keys.get('macaddress_io'))
vendor_lookup = client.get_vendor(node.value).decode('utf-8')
if vendor_lookup:
unfurl.add_to_queue(
data_type="mac-address.vendor", key=None, value=vendor_lookup, label=f'Vendor: {vendor_lookup}',
parent_id=node.node_id, incoming_edge_config=uuid_edge)
def run(unfurl, node):
if not node.data_type == 'mac-address':
m = re.match(r'(?P<mac_addr>[0-9A-Fa-f]{12}|([0-9A-Fa-f]:){6})$', str(node.value))
if m:
u = m.group('mac_addr')
# Check if we need to add colons
if len(u) == 12:
pretty_mac = f'{u:0{12}X}'
pretty_mac = ':'.join([pretty_mac[i]+pretty_mac[i+1] for i in range(0, 12, 2)])
else:
pretty_mac = u.upper()
# TODO: add detection for randomly generated MACs (random 48-bit number with its eighth bit set to 1 as
# recommended in RFC 4122)
unfurl.add_to_queue(
data_type='mac-address', key=None, value=pretty_mac, label=f'MAC address: {pretty_mac}',
parent_id=node.node_id, incoming_edge_config=uuid_edge)
elif node.data_type == 'mac-address' and unfurl.api_keys.get('macaddress_io'):
client = maclookup.ApiClient(unfurl.api_keys.get('macaddress_io'))
vendor_lookup = client.get_vendor(node.value).decode('utf-8')
if vendor_lookup:
unfurl.add_to_queue(
data_type="mac-address.vendor", key=None, value=vendor_lookup, label=f'Vendor: {vendor_lookup}',
parent_id=node.node_id, incoming_edge_config=uuid_edge)