def process_content(self, content, filename): context = dict(source=self.name) context['description'] = 'File: {}'.format(filename) if content.startswith('Certificate:') and content.endswith( '-----END CERTIFICATE-----\n'): try: cert_data = Certificate.from_data(content) cert_data.add_context(context) cert_data.add_source(self.name) except ObservableValidationError as e: logging.error(e) else: try: observables = Observable.from_string(content) except Exception as e: logging.error(e) return for key in observables: for ioc in filter(None, observables[key]): if key == 'Url' and any( [domain in ioc for domain in BLACKLIST_DOMAINS]): continue try: ioc_data = self.refs[key].get_or_create(value=ioc) ioc_data.add_context(context) ioc_data.add_source(self.name) except ObservableValidationError as e: logging.error(e) except UnicodeDecodeError as e: logging.error(e)
def import_from(self, id): investigation = get_object_or_404(Investigation, id=id) observables = Observable.from_string(investigation.import_text) return render_template( "{}/import_from.html".format(self.klass.__name__.lower()), investigation=investigation, observables=bson_renderer(observables))