Exemplo n.º 1
    def process_content(self, content, filename):
        """Turn the text of one file into stored certificates or observables.

        Content that starts with ``Certificate:`` and ends with the PEM
        footer line is handed to ``Certificate.from_data``. Any other content
        is parsed with ``Observable.from_string`` and every non-empty value
        found is stored through ``self.refs[<type>].get_or_create``.

        Each stored object is tagged with this source's name and a
        ``File: <filename>`` description. Failures are only logged: nothing
        is raised to the caller and the method always returns ``None``.

        Args:
            content: Text of the file being processed.
            filename: Name used in the context description.
        """
        context = {
            'source': self.name,
            'description': 'File: {}'.format(filename),
        }

        is_certificate_dump = (
            content.startswith('Certificate:')
            and content.endswith('-----END CERTIFICATE-----\n'))

        if is_certificate_dump:
            try:
                certificate = Certificate.from_data(content)
                certificate.add_context(context)
                certificate.add_source(self.name)
            except ObservableValidationError as err:
                logging.error(err)
            return

        try:
            extracted = Observable.from_string(content)
        except Exception as err:
            # Deliberately broad: a file that cannot be parsed is logged and
            # skipped, so it contributes no indicators at all.
            logging.error(err)
            return

        for kind in extracted:
            for value in filter(None, extracted[kind]):
                if kind == 'Url':
                    # NOTE(review): this is a substring test against the whole
                    # URL, not a hostname comparison. A URL that merely
                    # contains an excluded domain in its path or query string
                    # is dropped as well, so indicators can be lost here.
                    # Consider matching on the parsed hostname instead.
                    excluded = [
                        domain in value for domain in BLACKLIST_DOMAINS]
                    if any(excluded):
                        continue
                try:
                    stored = self.refs[kind].get_or_create(value=value)
                    stored.add_context(context)
                    stored.add_source(self.name)
                except (ObservableValidationError, UnicodeDecodeError) as err:
                    logging.error(err)
Exemplo n.º 2
    def import_from(self, id):
        """Render the import page for the observables found in an investigation.

        Looks up the ``Investigation`` with the given id through
        ``get_object_or_404``, extracts observables from its ``import_text``
        and renders ``<lowercased klass name>/import_from.html`` with both.

        An exception raised by ``Observable.from_string`` is not caught here
        and propagates to the caller.

        Args:
            id: Identifier of the investigation to import from.

        Returns:
            The result of ``render_template`` for the import page.
        """
        investigation = get_object_or_404(Investigation, id=id)
        # NOTE(review): import_text is parsed as stored; presumably it is
        # free text pasted by a user, so treat the extracted values as
        # untrusted when the template displays them (confirm in the template).
        found = Observable.from_string(investigation.import_text)

        template_name = "{}/import_from.html".format(
            self.klass.__name__.lower())
        return render_template(
            template_name,
            investigation=investigation,
            observables=bson_renderer(found))