#220 Filter out MISP event if its timestamp is before the last synchr…
…onization time
To-om committed May 22, 2017
1 parent 0212416 commit 4251f18
Showing 1 changed file with 17 additions and 9 deletions.
26 changes: 17 additions & 9 deletions thehive-misp/app/connectors/misp/MispSrv.scala
@@ -67,7 +67,12 @@ case class MispConnection(

private[MispConnection] lazy val logger = Logger(getClass)

logger.info(s"Add MISP connection $name ($baseUrl)\n\tproxy configuration: ${ws.proxy}")
logger.info(
s"""Add MISP connection $name
|\turl: $baseUrl
|\tproxy: ${ws.proxy}
|\tcase template: ${caseTemplate.getOrElse("<not set>")}
|\tartifact tags: ${artifactTags.mkString}""".stripMargin)

private[misp] def apply(url: String) =
ws.url(s"$baseUrl/$url")
@@ -193,6 +198,7 @@ class MispSrv @Inject() (
"type" -
"source" -
"sourceRef" -
"caseTemplate" -
"date" +
("artifacts" JsArray(attrs)) +
("status" (if (!alert.follow()) Json.toJson(alert.status())
@@ -232,14 +238,16 @@ class MispSrv @Inject() (
logger.warn(s"Invalid MISP event format:\n${response.body}")
Nil
}
val events = eventJson.flatMap { j
j.asOpt[MispAlert]
.map(_.copy(source = mispConnection.name))
.orElse {
logger.warn(s"MISP event can't be parsed\n$j")
None
}
}
val events = eventJson
.flatMap { j
j.asOpt[MispAlert]
.map(_.copy(source = mispConnection.name))
.orElse {
logger.warn(s"MISP event can't be parsed\n$j")
None
}
}
.filter(_.date after fromDate)
val eventJsonSize = eventJson.size
val eventsSize = events.size
if (eventJsonSize != eventsSize)
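Review bot: In the last hunk, `.filter(_.date after fromDate)` runs before `eventsSize` is taken, so the `eventJsonSize != eventsSize` check that follows now also trips on events that parsed correctly and were only dropped for being older than the last synchronization. The body of that `if` lies outside the visible hunk, but if it reports unparseable events it will now fire on ordinary syncs and bury the genuine parse failures that someone monitoring the MISP feed needs to see. Keep the parsed list separate, e.g. `val parsed = eventJson.flatMap { … }` followed by `val events = parsed.filter(_.date after fromDate)`, and compare `eventJsonSize` with `parsed.size`. Note also that `after` is strict, so an event stamped exactly at `fromDate` is skipped; whether that can lose an update depends on how `fromDate` is derived, which is not shown here.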
