CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-05-26 18:07:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add basic support for IP indicators in MVT (#556)

Browse Source 
* Add prelimary ipv4-addr ioc matching support under collection domains

* Add IP addresses as a valid IOC type

This currently just supports IPv4 addresses which
are treated as domains internally in MVT.

---------

Co-authored-by: renini <renini@local>
This commit is contained in:
Donncha Ó Cearbhaill
2024-10-17 18:20:17 +02:00
committed by GitHub
parent 5ef19a327c
commit 81b647beac
3 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/mvt/common/indicators.py
+7
View File
@@ -107,6 +107,13 @@ class Indicators:
ioc_coll=collection,
ioc_coll_list=collection["domains"],
)
if key == "ipv4-addr:value":
# We treat IP addresses as simple domains here to ease checks.
self._add_indicator(
ioc=value.strip(),
ioc_coll=collection,
ioc_coll_list=collection["domains"],
)
elif key == "process:name":
self._add_indicator(
ioc=value, ioc_coll=collection, ioc_coll_list=collection["processes"]