I must have misspoken. What I want to do is that I have base64 encoded data in my msg.data and I want to modify my source.url in the modify expert to have XXXX={msg[data]} in decoded version.

 

Today when I do this on the modify expert, it gives me:

XXXX=YmFzZTY0ZGF0YQ==

 

while I would like:

XXXX=base64data

 

 

All this without modifying the rest of my configuration, I know I could add a temporary field in harmonization.conf that contains my decrypted data, but I don't find it very clean.

 

Regards,

Guillaume

 

De : Mika Silander <mika.silander@csc.fi>
Envoyé : mercredi 19 octobre 2022 10:53
À : intelmq-users@lists.cert.at
Cc : Guillaume GRANJON DE LEPINEY <ggranjon@excellium-services.be>
Objet : Re: [IntelMQ-users] Modify expert get the value of data

 

You don't often get email from mika.silander@csc.fi. Learn why this is important

Hi Guillaume,

 

 Not entirely sure as to why you need to decode parts of your Modify expert's configurations, but in intelmq/lib/utils.py you have the base64_encode and base64_decode functions that may be of use to you.

Testing and experimenting what decoded and encoded data looks like can also be achieved on the command line, e.g. (on Ubuntu with the base64 executable provided by the coreutils package):

 

echo "a text sample" | base64 | base64 -d -

 

gives

 

a text sample

 

 I hope this helps.

 

Br, Mika

 

From: "Guillaume GRANJON DE LEPINEY via IntelMQ-users" <intelmq-users@lists.cert.at>
To: "intelmq-users@lists.cert.at" <intelmq-users@lists.cert.at>
Sent: Wednesday, 19 October, 2022 11:28:31
Subject: [IntelMQ-users] Modify expert get the value of data

 

Hello,

 

This may be a silly question, but I can't find the answer.

Is it possible to get the decoded value (not base 64) of my data in a configuration file of the bot intelmq.bots.experts.modify.expert?

 

I would like to do something like that with the decoded value:

 

Regards,

                                                                                                       

Guillaume GRANJON de LÉPINEY | ggranjon@excellium-services.be | PGP Key ID: 0xE2FD5ED1
CERT-XLM | cert@excellium-services.com | PGP Key ID: 0xD74E5AC0

Excellium Services Belgium N.V. | Orion Bldg, Belgicastraat 13, B-1930 Zaventem, Belgium
Mobile: +32 4 71 98 57 65

Emergency: +352 262 039 64 708 | emergency@excellium-services.com | PGP Key ID: 0x42662EFE

https://excellium-services.com/en/CERT-XLM/

https://www.trusted-introducer.org/directory/teams/cert-xlm.html

https://www.first.org/members/teams/cert-xlm

 

This email is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorised amendment; we do not accept liability for any such changes, or for their consequences. You should be aware that we may monitor your e-mails and their content. Excellium Services SA.
--
List settings:
 https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
IntelMQ Documentation: https://intelmq.readthedocs.io/

This email is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains, please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorised amendment; we do not accept liability for any such changes, or for their consequences. You should be aware that we may monitor your e-mails and their content. Excellium Services SA.