I'll do that if you don't see any other solution.
Thank you,
Guillaume
De : IntelMQ-users intelmq-users-bounces@lists.cert.at De la part de Sebix Envoyé : mercredi 19 octobre 2022 11:02 À : Guillaume GRANJON DE LEPINEY ggranjon@excellium-services.be; Mika Silander mika.silander@csc.fi; intelmq-users@lists.cert.at Objet : Re: [IntelMQ-users] Modify expert get the value of data
Why don't you save the decoded value in "msg[data]" (whatever that is) in the first place? On 10/19/22 10:59 AM, Guillaume GRANJON DE LEPINEY via IntelMQ-users wrote: I must have misspoken. What I want to do is that I have base64 encoded data in my msg.data and I want to modify my source.url in the modify expert to have XXXX={msg[data]} in decoded version.
Today when I do this on the modify expert, it gives me: XXXX=YmFzZTY0ZGF0YQ==
while I would like: XXXX=base64data
All this without modifying the rest of my configuration, I know I could add a temporary field in harmonization.conf that contains my decrypted data, but I don't find it very clean.
Regards, Guillaume
De : Mika Silander mika.silander@csc.fimailto:mika.silander@csc.fi Envoyé : mercredi 19 octobre 2022 10:53 À : intelmq-users@lists.cert.atmailto:intelmq-users@lists.cert.at Cc : Guillaume GRANJON DE LEPINEY ggranjon@excellium-services.bemailto:ggranjon@excellium-services.be Objet : Re: [IntelMQ-users] Modify expert get the value of data
You don't often get email from mika.silander@csc.fimailto:mika.silander@csc.fi. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification Hi Guillaume,
Not entirely sure as to why you need to decode parts of your Modify expert's configurations, but in intelmq/lib/utils.py you have the base64_encode and base64_decode functions that may be of use to you. Testing and experimenting what decoded and encoded data looks like can also be achieved on the command line, e.g. (on Ubuntu with the base64 executable provided by the coreutils package):
echo "a text sample" | base64 | base64 -d -
gives
a text sample
I hope this helps.
Br, Mika
________________________________ From: "Guillaume GRANJON DE LEPINEY via IntelMQ-users" <intelmq-users@lists.cert.atmailto:intelmq-users@lists.cert.at> To: "intelmq-users@lists.cert.atmailto:intelmq-users@lists.cert.at" <intelmq-users@lists.cert.atmailto:intelmq-users@lists.cert.at> Sent: Wednesday, 19 October, 2022 11:28:31 Subject: [IntelMQ-users] Modify expert get the value of data
Hello,
This may be a silly question, but I can't find the answer. Is it possible to get the decoded value (not base 64) of my data in a configuration file of the bot intelmq.bots.experts.modify.expert?
I would like to do something like that with the decoded value: [cid:image001.png@01D8E3AA.547DB6A0]
Regards,
Guillaume GRANJON de LÉPINEY | ggranjon@excellium-services.bemailto:ggranjon@excellium-services.be | PGP Key ID: 0xE2FD5ED1https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpgp.circl.lu%2Fpks%2Flookup%3Fsearch%3D0xE2FD5ED1%26fingerprint%3Don%26op%3Dindex&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=TeEwmsGp6XblM%2F1WUQG856%2FY5AQG3J4nB%2B8gth16lKI%3D&reserved=0 CERT-XLM | cert@excellium-services.commailto:cert@excellium-services.com | PGP Key ID: 0xD74E5AC0https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpgp.circl.lu%2Fpks%2Flookup%3Fop%3Dvindex%26fingerprint%3Don%26search%3D0x67B311E5D74E5AC0&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=teUgYIUijtzk%2BEN7FmSSCQxeemg0cXAr8lCcyIxFqus%3D&reserved=0 Excellium Services Belgium N.V. | Orion Bldg, Belgicastraat 13, B-1930 Zaventem, Belgium Mobile: +32 4 71 98 57 65 Emergency: +352 262 039 64 708 | emergency@excellium-services.commailto:emergency@excellium-services.com | PGP Key ID: 0x42662EFEhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexcellium-services.com%2Fassets%2FEMERGENCY_PKEY.asc&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=9esSXyO3PWvuSYusC6WLFOq6mz40jJAdEEO2rneroSg%3D&reserved=0 https://excellium-services.com/en/CERT-XLM/ https://www.trusted-introducer.org/directory/teams/cert-xlm.html https://www.first.org/members/teams/cert-xlm
This email is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorised amendment; we do not accept liability for any such changes, or for their consequences. You should be aware that we may monitor your e-mails and their content. Excellium Services SA. -- List settings: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-usershttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cert.at%2Fcgi-bin%2Fmailman%2Flistinfo%2Fintelmq-users&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=n8IFckzzbMHSHrFL%2B6niaPPABjgmL7ne6BqIRoJGBT0%3D&reserved=0 IntelMQ Documentation: https://intelmq.readthedocs.io/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fintelmq.readthedocs.io%2F&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=OrFymDkgCwbPO9wVgixERZVwg85y5ogXdXG5eljWHKg%3D&reserved=0 This email is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorised amendment; we do not accept liability for any such changes, or for their consequences. You should be aware that we may monitor your e-mails and their content. Excellium Services SA.
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://sebix.at/https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsebix.at%2F&data=05%7C01%7Cggranjon%40excellium-services.be%7Cb1490556632646d6bb8a08dab1b09ac0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017669309432554%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=E8MUf9NfZvGEWfrOQ5L0JqFLN92VfNJFpxUCS%2Fcg%2FyI%3D&reserved=0
ZVR 1510673578
This email is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorised amendment; we do not accept liability for any such changes, or for their consequences. You should be aware that we may monitor your e-mails and their content. Excellium Services SA.
