Is custom output module supported?

[syunaht]

Description Is custom output module supported? I tested it and it seems not to work. Adding the output module to module_dirs is ineffective. Although I can directly modify asset_inventory.py, it doesn't feel very elegant

[TheTechromancer]

Yes, you should be able to drop it in alongside the existing output modules.

You wanna post your code and I'll check it over?

[TheTechromancer]

@syunaht any luck?

[syunaht]

Yes, you should be able to drop it in alongside the existing output modules.

You wanna post your code and I'll check it over?

Sorry for the late reply, a bit busy recently. I will submit a PR about custom output module In a few days. Actually, I'm still thinking about whether to optimize the result output to output.json. Currently, the content in output.json is not standardized enough (such as HTTP title). If all the data is output in a consistent format (which we are doing now, but not 100%), it would make external parsing easier (using jq, Python, Go, etc.), facilitating inheritance and making it more convenient to standardize personal output formats. I haven't been using bbot for very long, and many of my ideas come in a flash, so they might be a bit disorganized. I'm not sure if they align with bbot's design principles. I appreciate your patience.

[TheTechromancer]

Okay, yeah we've run into similar issues when ingesting data into Elastic. That's why we added the siem_friendly option to standardize the .data type.

If we introduce standardization, we should use pydantic models to enforce it.

[TheTechromancer]

Closing; please feel free to reopen.