[Shodan] Created config to use ISP name for ASN name. #2936

Open
wants to merge 1 commit into
base: master
2 changes: 2 additions & 0 deletions internal-enrichment/shodan/README.md
Expand Up @@ -77,6 +77,8 @@ Below are the parameters you'll need to set for Shodan Connector:
| max_tlp | `max_tlp` | `SHODAN_MAX_TLP` | `TLP:AMBER` | No | The maximal TLP of the observable being enriched. |
| default_score | `default_score` | `SHODAN_DEFAULT_SCORE` | `50` | No | Default_score allows you to add a default score for an indicator and its observable |
| import_search_results | `import_search_results` | `SHODAN_IMPORT_SEARCH_RESULTS` | `True` | No | Returns the results of the search against the enriched indicator (Search the SHODAN database). |
| create_note | `create_note` | `SHODAN_CREATE_NOTE` | `True` | Adds Shodan results to a note, otherwise it is saved in the description. |
| use_isp_name_for_asn | `use_isp_name_for_asn` | `SHODAN_USE_ISP_NAME_FOR_ASN` | `False` | Use the ISP name for ASN name rather than AS+Number. |

## Deployment

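Review bot: The two new rows for `create_note` and `use_isp_name_for_asn` have five cells, while the rows above them (`max_tlp`, `default_score`, `import_search_results`) have six. The cell that holds `No` in those rows is missing, so the description shifts one column to the left when the table renders. Add a `No` cell after the default value in both rows.
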
1 change: 1 addition & 0 deletions internal-enrichment/shodan/docker-compose.yml
Expand Up @@ -15,4 +15,5 @@ services:
- SHODAN_DEFAULT_SCORE=50
- SHODAN_IMPORT_SEARCH_RESULTS=true
- SHODAN_CREATE_NOTE=true # Add results to note rather than description
- SHODAN_USE_ISP_NAME_FOR_ASN=false
restart: always
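
Review bot: `SHODAN_USE_ISP_NAME_FOR_ASN=false` is added without an inline comment, unlike `SHODAN_CREATE_NOTE=true` directly above it. A short comment such as `# Use the ISP name as the ASN name instead of AS+Number` would tell operators what changes when they enable it.
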
1 change: 1 addition & 0 deletions internal-enrichment/shodan/src/config.yml.sample
Expand Up @@ -16,3 +16,4 @@ shodan:
default_score: 50
import_search_results: true
create_note: true
use_isp_name_for_asn: false
9 changes: 7 additions & 2 deletions internal-enrichment/shodan/src/shodanImport.py
Expand Up @@ -69,7 +69,12 @@ def __init__(self):
config,
default=True,
)

self.use_isp_name_for_asn = get_config_variable(
"SHODAN_USE_ISP_NAME_FOR_ASN",
["shodan", "use_isp_name_for_asn"],
config,
default=False,
)
# Shodan Identity
self.shodan_identity = self.helper.api.identity.create(
type="Organization",
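
Review bot: The blank line that used to separate the configuration reads from `# Shodan Identity` is gone, so the new `get_config_variable` call for `use_isp_name_for_asn` runs straight into the identity block. Put a blank line back after the closing `)` of the new call to keep the two sections visually distinct.
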
Expand Down Expand Up @@ -211,7 +216,7 @@ def _generate_stix_hostname(self, data):
def _generate_stix_asn(self, data):
if "asn" in data and data["asn"] is not None and len(data["asn"]) > 0:
# Generate Asn
entity_asn = data["asn"]
entity_asn = data["isp"] if self.use_isp_name_for_asn else data["asn"]
asn_number = int(data["asn"].replace("AS", ""))
stix_asn = stix2.AutonomousSystem(
type="autonomous-system",
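
Review bot: In `_generate_stix_asn`, `data["isp"]` is read without any check, while the surrounding guard only validates `data["asn"]`. With `use_isp_name_for_asn` enabled, a result that has no `isp` key raises `KeyError`, and a `None` or empty `isp` value ends up as the name of the autonomous system. Fall back to the AS string when the ISP is missing, for example `entity_asn = data.get("isp") or data["asn"]` in the enabled branch.
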