From 9880c861547656ff9c40aad38c612caf13ef6b11 Mon Sep 17 00:00:00 2001
From: Nils Kuhnert
Date: Mon, 11 Jun 2018 14:58:42 +0200
Subject: [PATCH] Fixes #286: Added name param, fixed ssl verification if using empty path.
---
 analyzers/MISP/MISP.json | 82 +++++++++++++++++++++++++---------------
 analyzers/MISP/misp.py | 6 ++-
 2 files changed, 57 insertions(+), 31 deletions(-)
diff --git a/analyzers/MISP/MISP.json b/analyzers/MISP/MISP.json
index 6ddb9f491..8ff2af7c2 100644
--- a/analyzers/MISP/MISP.json
+++ b/analyzers/MISP/MISP.json
@@ -5,38 +5,60 @@
 "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
 "version": "2.0",
 "description": "Query multiple MISP instances for events containing an observable.",
- "dataTypeList": ["domain", "ip", "url", "fqdn", "uri_path","user-agent", "hash", "email", "mail", "mail_subject" , "registry", "regexp", "other", "filename"],
+ "dataTypeList": [
+ "domain",
+ "ip",
+ "url",
+ "fqdn",
+ "uri_path",
+ "user-agent",
+ "hash",
+ "email",
+ "mail",
+ "mail_subject",
+ "registry",
+ "regexp",
+ "other",
+ "filename"
+ ],
 "baseConfig": "MISP",
 "command": "MISP/misp.py",
 "configurationItems": [
- {
- "name": "url",
- "description": "URL of MISP servers",
- "type": "string",
- "multi": true,
- "required": true
- },
- {
- "name": "key",
- "description": "API key for each server",
- "type": "string",
- "multi": true,
- "required": true
- },
- {
- "name": "cert_check",
- "description": "Verify server certificate",
- "type": "boolean",
- "multi": false,
- "required": true,
- "defaultValue": true
- },
- {
- "name": "cert_path",
- "description": "Path to the CA on the system used to check server certificate",
- "type": "string",
- "multi": true,
- "required": false
- }
+ {
+ "name": "name",
+ "description": "Name of MISP servers",
+ "multi": true,
+ "required": false,
+ "type": "string"
+ },
+ {
+ "name": "url",
+ "description": "URL of MISP servers",
+ "type": "string",
+ "multi": true,
+ "required": true
+ },
+ {
+ "name": "key",
+ "description": "API key for each server",
+ "type": "string",
+ "multi": true,
+ "required": true
+ },
+ {
+ "name": "cert_check",
+ "description": "Verify server certificate",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "cert_path",
+ "description": "Path to the CA on the system used to check server certificate",
+ "type": "string",
+ "multi": true,
+ "required": false
+ }
 ]
 }
diff --git a/analyzers/MISP/misp.py b/analyzers/MISP/misp.py
index 174f1efff..e00e96d00 100755
--- a/analyzers/MISP/misp.py
+++ b/analyzers/MISP/misp.py
@@ -12,7 +12,11 @@ def __init__(self):
 # Fixes #94. Instead of None, the string Unnamed should be passed to MISPClient constructor
 name = self.get_param('config.name', 'Unnamed')
 if self.get_param('config.cert_check', True):
- ssl = self.get_param('config.cert_path', True)
+ ssl_path = self.get_param('config.cert_path', None)
+ if not ssl_path or ssl_path == '':
+ ssl = True
+ else:
+ ssl = ssl_path
 else:
 ssl = False
 try:
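Review bot: The new empty check in `__init__` treats `cert_path` as a single string, but MISP.json declares that item `multi: true`, so `get_param` may hand back a list here (not confirmed from the hunk). `not ssl_path` already covers `None`, `''` and an empty list, which makes `ssl_path == ''` redundant, yet a list holding an empty entry such as `['']` is truthy and is passed on unchanged; if MISPClient applies the entries per server, that server could end up with a falsy verify value and certificate verification silently off. Normalising each entry closes that gap: `ssl = [p or True for p in ssl_path] if isinstance(ssl_path, list) else (ssl_path or True)`. The rest of `__init__` and the MISPClient call lie outside the hunk, so the per-server handling needs checking there.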