From 2e1243864c4fe9a17debc0ba7f02da256c559c4d Mon Sep 17 00:00:00 2001
From: Nex
Date: Wed, 20 Jul 2022 13:24:20 +0200
Subject: [PATCH] Added check_indicators to profile_events
---
 mvt/ios/modules/backup/profile_events.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/mvt/ios/modules/backup/profile_events.py b/mvt/ios/modules/backup/profile_events.py
index c23ed2d..6023d83 100644
--- a/mvt/ios/modules/backup/profile_events.py
+++ b/mvt/ios/modules/backup/profile_events.py
@@ -31,9 +31,20 @@ class ProfileEvents(IOSExtraction):
 "timestamp": record.get("timestamp"),
 "module": self.__class__.__name__,
 "event": "profile_operation",
- "data": f"Process {record.get('process')} started operation {record.get('operation')} of profile {record.get('profile_id')}"
+ "data": f"Process {record.get('process')} started operation " \
+ f"{record.get('operation')} of profile {record.get('profile_id')}"
 }
 
+ def check_indicators(self) -> None:
+ if not self.indicators:
+ return
+
+ for result in self.results:
+ ioc = self.indicators.check_process(result.get("process"))
+ if ioc:
+ result["matched_indicator"] = ioc
+ self.detected.append(result)
+
 def run(self) -> None:
 for events_file in self._get_backup_files_from_manifest(relative_path=CONF_PROFILES_EVENTS_RELPATH):
 events_file_path = self._get_backup_file_from_id(events_file["file_id"])
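Review bot: `check_indicators` hands `result.get("process")` straight to `self.indicators.check_process`, so a profile event record with no process name (the `.get` already admits that case) reaches the matcher as `None`; unless `check_process` is known to tolerate `None`, binding `process = result.get("process")` and adding `if not process: continue` before the call keeps one malformed event from aborting indicator checking for the whole module. The new method also deserves a one-line docstring, e.g. `"""Flag profile events whose originating process matches a process indicator."""`, matching the other `check_indicators` implementations in the module set. As a point of style, the `\` after the first `"data"` string fragment is redundant inside the dict braces, since implicit string concatenation already continues across the line. The enclosing `serialize` method starts outside the hunk and `run` continues past it.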