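def get_obs(res, entity, source):
    """Yield one entity per neighbour node of *entity*, labelled from link history.

    Args:
        res: Graph response holding ``nodes`` (dicts with ``_id``, ``_cls`` and
            ``value``) and ``links`` (dicts with ``src``/``dst`` ids and a
            ``history`` list).
        entity: Object whose ``value`` identifies the node being expanded.
        source: Only history entries that list this name in ``sources`` are
            considered for the label.

    Yields:
        Objects built by ``str_to_class`` with ``link_label`` set to
        ``"<description>:<last_seen>"`` of the matching history entry that
        sorts first by ``last_seen``.

    Raises:
        IndexError: On iteration, if *entity* is missing from
            ``res['nodes']``, a neighbour has no link, or a link has no
            history entry from *source*.
    """
    all_nodes = res['nodes']
    # Not used below; the lookup is kept so that a response which lacks the
    # queried node still fails with IndexError instead of being processed.
    _current_node = [n for n in all_nodes if n['value'] == entity.value][0]

    neighbours = {
        n['_id']: n for n in all_nodes if n['value'] != entity.value
    }
    links = res['links']

    # First link touching each neighbour, resolved for every neighbour before
    # anything is yielded.
    first_link = {
        node_id: [
            link for link in links
            if link['src']['id'] == node_id or link['dst']['id'] == node_id
        ][0]
        for node_id in neighbours
    }

    for node_id, link in first_link.items():
        node = neighbours[node_id]
        # The class name is the second dotted component of the server-supplied
        # ``_cls`` string. NOTE(review): str_to_class is defined elsewhere --
        # confirm it resolves only the known observable entity classes.
        type_obs = node['_cls'].split('.')[1]
        obs = str_to_class(type_obs)(node['value'])

        # Sort on the parsed timestamp. ``parser.parse`` is the call this file
        # uses for timestamps elsewhere; the previous ``parser.parser`` built a
        # parser object per entry instead of a comparable date.
        history = sorted(
            (entry for entry in link['history'] if source in entry['sources']),
            key=lambda entry: parser.parse(entry['last_seen']),
        )
        # NOTE(review): raises IndexError when no entry lists *source*;
        # confirm whether such neighbours should be skipped instead.
        obs.link_label = '%s:%s' % (
            history[0]['description'], history[0]['last_seen'])
        yield obs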
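def do_transform(self, request, response, config):
    """Add the neighbouring observables of the request entity to *response*.

    Args:
        request: Transform request; ``request.entity.value`` is the value
            searched for.
        response: Transform response that entities are appended to with ``+=``.
        config: Passed to ``get_yeti_connection``.

    Returns:
        *response*, unchanged when there is no connection, no matching
        observable, or no ``objs`` in the neighbour result.
    """
    entity = request.entity
    yeti = get_yeti_connection(config)
    if not yeti:
        return response

    matches = yeti.observable_search(value=entity.value)
    if not matches:
        return response

    res = yeti.neighbors_observables(matches[0]['id'])
    if not res or 'objs' not in res:
        return response

    for item in res['objs']:
        type_obs = item['type']
        try:
            # The type name comes from the server response.
            # NOTE(review): str_to_class is defined elsewhere -- confirm it
            # resolves only the known observable entity classes.
            entity_add = str_to_class(type_obs)(item['value'])
        except AttributeError:
            # Best effort: a type that cannot be resolved is skipped.
            continue
        if not entity_add:
            continue

        label = ' '.join(item['sources'])
        if type_obs == 'Url':
            entity_add.url = item['value']
        entity_add.Type = type_obs

        created_date = parser.parse(item['created'])
        if created_date:
            # Appended, not assigned: the leading space in the format shows
            # the date was meant to follow the source list, which a plain
            # assignment would discard.
            label += ' created:%s' % created_date.isoformat()
        entity_add.link_label = label
        response += entity_add
    return response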
def do_pdns(res, entity, response):
    """Append every node of *res* except *entity* itself to *response*.

    Args:
        res: Result holding a ``nodes`` list of dicts with ``value`` and
            ``_cls``; a falsy value means there is nothing to add.
        entity: Object whose ``value`` marks the node to leave out.
        response: Object that the new entities are added to with ``+=``.

    Returns:
        *response*, with one entity labelled ``Metadata`` per other node.
    """
    if not res:
        return response

    for node in res['nodes']:
        if node['value'] == entity.value:
            continue
        # The class name is the second dotted component of the node's
        # ``_cls`` string, which comes from the result data.
        # NOTE(review): str_to_class is defined elsewhere -- confirm it
        # resolves only the known observable entity classes.
        class_name = node['_cls'].split('.')[1]
        neighbour = str_to_class(class_name)(node['value'])
        neighbour.link_label = 'Metadata'
        response += neighbour
    return response
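def do_transform(self, request, response, config):
    """Add the observables linked to the request entity to *response*.

    Args:
        request: Transform request; ``request.entity.value`` is used as the
            entity name to search for.
        response: Transform response that entities are appended to with ``+=``.
        config: Passed to ``get_yeti_connection``.

    Returns:
        *response*, unchanged when there is no connection, no entity matches
        the name, or the result has no ``objs``.
    """
    entity = request.entity
    yeti = get_yeti_connection(config)
    if not yeti:
        return response

    matches = yeti.entity_search(name=entity.value)
    if not matches:
        # An empty search result used to fail on ``[0]``; return the response
        # untouched, as the observable-neighbour transform in this file does.
        return response

    res = yeti.entity_to_observables(matches[0]['id'])
    if not res or 'objs' not in res:
        return response

    for item in res['objs']:
        # The type name comes from the server response.
        # NOTE(review): str_to_class is defined elsewhere -- confirm it
        # resolves only the known observable entity classes. A failure to
        # resolve a type is not caught here and propagates to the caller.
        observable = str_to_class(item['type'])(item['value'])
        observable.tags = [tag['name'] for tag in item['tags']]
        response += observable
    return response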
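def get_entity_to_entity(request, response, config, name_entity=None):
    """Add the entities related to the request entity to *response*.

    Args:
        request: Transform request; ``request.entity.value`` is used as the
            entity name to search for.
        response: Transform response that entities are appended to with ``+=``.
        config: Passed to ``get_yeti_connection``.
        name_entity: Forwarded to ``select_request_entity_to_entity`` together
            with the connection and the matched entity.

    Returns:
        *response*, unchanged when there is no connection, no entity matches
        the name, or the result has no ``objs``.
    """
    entity = request.entity
    yeti = get_yeti_connection(config)
    if not yeti:
        return response

    matches = yeti.entity_search(name=entity.value)
    if not matches:
        # An empty search result used to fail on ``[0]``; there is nothing to
        # expand, so the response is returned untouched.
        return response

    res = select_request_entity_to_entity(yeti, name_entity, matches[0])
    if not res or 'objs' not in res:
        return response

    for item in res['objs']:
        # The type name comes from the server response.
        # NOTE(review): str_to_class is defined elsewhere -- confirm it
        # resolves only the known entity classes. A failure to resolve a type
        # is not caught here and propagates to the caller.
        related = str_to_class(item['type'])()
        related.tags = item['tags']
        related.value = item['name']
        response += related
    return response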
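def get_entity_for_observable(request, response, config, name_entity=None):
    """Add the entities linked to the request observable to *response*.

    Args:
        request: Transform request; ``request.entity.value`` is the observable
            value to search for.
        response: Transform response that entities are appended to with ``+=``.
        config: Passed to ``get_yeti_connection``.
        name_entity: Forwarded to ``select_request_observable_to_entity``
            together with the connection and the matched observable.

    Returns:
        *response*, unchanged when there is no connection, no observable
        matches the value, or the result has no ``objs``.
    """
    entity = request.entity
    yeti = get_yeti_connection(config)
    if not yeti:
        return response

    matches = yeti.observable_search(value=entity.value)
    if not matches:
        # An empty search result used to fail on ``[0]``; there is nothing to
        # expand, so the response is returned untouched.
        return response

    res = select_request_observable_to_entity(yeti, name_entity, matches[0])
    if not res or 'objs' not in res:
        return response

    for item in res['objs']:
        entity_name = item['type']
        try:
            # The type name comes from the server response.
            # NOTE(review): str_to_class is defined elsewhere -- confirm it
            # resolves only the known entity classes.
            entity_add = str_to_class(entity_name)()
        except Exception:
            # Best effort: an item whose class cannot be built is skipped.
            # Narrowed from a bare ``except`` so that KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            print('failed')
            continue
        if not entity_add:
            continue

        if 'tags' in item:
            entity_add.tags = list(item['tags'])
        entity_add.value = item['name']
        response += entity_add
    return response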