
Exporting to MISP objects with relationships

Open adulau opened this issue 6 years ago • 3 comments

Beagle is really cool. Looking at it, it could make sense to export the result of the analysis and especially a graph in MISP objects format with relationships (it's a kind of graph) into MISP. This would allow users to share investigations and discoveries.

adulau, Mar 31 '19 12:03

That sounds like a good idea. I'm guessing someone wouldn't want to add a full graph. I'll try to write something that maps specific Edge or Node objects to their MISP counterparts.

This should allow someone using the library to manipulate a networkX object, then use the set of nodes and edges they have to generate MISP objects.

yampelo, Mar 31 '19 14:03

Indeed, from the networkX object it would be the cleanest. I need to dig to see which objects are missing in MISP objects, and maybe also in the relationships, to map with your existing parsers in Beagle.

adulau, Mar 31 '19 14:03

I would focus on the objects in here: https://github.com/yampelo/beagle/tree/master/beagle/nodes rather than the parsers. The parser will only ever return instances of these classes (or subclasses of them).

yampelo, Mar 31 '19 14:03
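
An added example of the node/edge mapping discussed in this thread, not code from Beagle or MISP. Plain dicts and tuples stand in for the networkX nodes and edges, and the node field names, edge labels, and their MISP object and relationship counterparts in `NODE_MAP` and `EDGE_MAP` are assumptions to check against the Beagle node classes and the MISP object templates.

```python
import json
import uuid

# Assumed mapping: node type -> (MISP object name, {field: (object_relation, type)}).
NODE_MAP = {
    "Process": ("process", {"process_image": ("image", "filename"),
                            "process_id": ("pid", "text"),
                            "command_line": ("command-line", "text")}),
    "File": ("file", {"file_name": ("filename", "filename"),
                      "full_path": ("fullpath", "text")}),
}
# Assumed mapping: edge label -> MISP relationship_type.
EDGE_MAP = {"Launched": "executes", "Wrote": "writes"}
NAMESPACE = uuid.UUID(int=0)  # constructed; fixed so re-exports keep the same UUIDs

def graph_to_misp(nodes, edges):
    """nodes: {node_id: {"type": ..., field: value}}; edges: [(src, dst, label)]."""
    objects = {}
    for node_id, props in nodes.items():
        mapping = NODE_MAP.get(props.get("type"))
        if mapping is None:
            continue  # no MISP counterpart known: skip rather than guess
        name, fields = mapping
        attrs = [{"object_relation": rel, "type": typ, "value": str(props[key])}
                 for key, (rel, typ) in fields.items()
                 if props.get(key) not in (None, "")]
        objects[node_id] = {"name": name, "Attribute": attrs, "ObjectReference": [],
                            "uuid": str(uuid.uuid5(NAMESPACE, f"{name}:{node_id}"))}
    for src, dst, label in edges:
        # Keep an edge only when both ends were exported and the label is mapped.
        if src in objects and dst in objects and label in EDGE_MAP:
            objects[src]["ObjectReference"].append(
                {"referenced_uuid": objects[dst]["uuid"],
                 "relationship_type": EDGE_MAP[label]})
    return {"Event": {"info": "Graph export (constructed sample)",
                      "Object": list(objects.values())}}

# Constructed sample graph, not taken from a real investigation.
SAMPLE_NODES = {
    "p1": {"type": "Process", "process_image": "winword.exe", "process_id": 100},
    "p2": {"type": "Process", "process_image": "powershell.exe", "process_id": 200,
           "command_line": "powershell.exe -File update.ps1"},
    "f1": {"type": "File", "file_name": "out.tmp", "full_path": "C:\\Temp\\out.tmp"},
    "a1": {"type": "Alert", "alert_name": "unmapped node type"},
}
SAMPLE_EDGES = [("p1", "p2", "Launched"), ("p2", "f1", "Wrote"), ("a1", "p2", "Alerted On")]

if __name__ == "__main__":
    print(json.dumps(graph_to_misp(SAMPLE_NODES, SAMPLE_EDGES), indent=2))
```

The unmapped `Alert` node and its edge are dropped instead of being exported with a guessed object type, so only mapped nodes and relationships are shared.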