Commit

Merge pull request #9 from guillaume-philippon/bugfix-1
Fix bug that overwrites ioc_detected info
4quarks authored Aug 25, 2023
2 parents 642363a + 5685fee commit 6ca4df7
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions lib/trigger.rb
Expand Up @@ -56,17 +56,17 @@ def study_ioc(list_iocs, ioc_detected, type_ioc, ip_client, date)
# We don't have information so we will query MISP
alert = Alert.new()
@result_ioc = alert.parse_log(ioc_detected, type_ioc, date, ip_client)
end
if @result_ioc.empty?
# Although it is a malicious domain it doesn't have any data in MISP -> skip next time
skip_iocs.append(ioc_detected)
else
# We have found data in MISP about this domain -> we will report it to the right client
if ! @@alerts_found.include?(email_client)
@@alerts_found[email_client] = {}
if @result_ioc.empty?
# Although it is a malicious domain it doesn't have any data in MISP -> skip next time
skip_iocs.append(ioc_detected)
else
# We have found data in MISP about this domain -> we will report it to the right client
if ! @@alerts_found.include?(email_client)
@@alerts_found[email_client] = {}
end
@@alerts_found[email_client][ioc_detected] = @result_ioc
@@log_alerts.info(@result_ioc)
end
@@alerts_found[email_client][ioc_detected] = @result_ioc
@@log_alerts.info(@result_ioc)
end
else
skip_iocs.append(ioc_detected)
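Review bot: `@result_ioc` is still an instance variable at `@result_ioc = alert.parse_log(ioc_detected, type_ioc, date, ip_client)`, so a value set during one call to `study_ioc` stays on the object and can be read by a later call. A local `result_ioc`, used for the `empty?` check, the `@@alerts_found[email_client][ioc_detected]` assignment and the `@@log_alerts.info` call, would keep each IOC's MISP result scoped to its own lookup and make this class of overwrite impossible rather than dependent on where the `if`/`else` sits. The `if ! @@alerts_found.include?(email_client)` block can also be reduced to `@@alerts_found[email_client] ||= {}`. The commit carries no test; a case that runs two IOCs through `study_ioc` and checks that each one's entry in `@@alerts_found` holds its own result would guard against a regression.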