Merge pull request #1334 from blacklanternsecurity/improved-brief-stdout
Improve --brief stdout
TheTechromancer authored Apr 30, 2024
2 parents f5f5d00 + 60541f5 commit 094db8f
Showing 2 changed files with 15 additions and 2 deletions.
15 changes: 14 additions & 1 deletion bbot/core/event/base.py
Expand Up @@ -406,6 +406,19 @@ def scope_distance(self, scope_distance):
if source_scope_distance >= 0 and self != self.source:
self.source.scope_distance = scope_distance + 1

@property
def scope_description(self):
"""
Returns a single word describing the scope of the event.
"in-scope" if the event is in scope, "affiliate" if it's an affiliate, otherwise "distance-{scope_distance}"
"""
if self.scope_distance == 0:
return "in-scope"
elif "affiliate" in self.tags:
return "affiliate"
return f"distance-{self.scope_distance}"

@property
def source(self):
return self._source
Expand Down Expand Up @@ -600,7 +613,7 @@ def json(self, mode="json", siem_friendly=False):
dict: JSON-serializable dictionary representation of the event object.
"""
j = dict()
for i in ("type", "id"):
for i in ("type", "id", "scope_description"):
v = getattr(self, i, "")
if v:
j.update({i: v})
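Review bot: In `scope_description`, every distance other than 0 falls through to `return f"distance-{self.scope_distance}"`, so a negative distance would be printed as `distance--1`. The setter's context line `if source_scope_distance >= 0` suggests negative values stand for "not yet known", though that is inferred from this hunk alone. The second hunk adds this label to the fields `json()` emits, and it is the field an operator reads to tell authorised targets from everything else, so I would add `if self.scope_distance < 0:` / `return "unknown"` ahead of the f-string. The docstring could also state that the distance-0 check takes precedence over the `affiliate` tag.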
2 changes: 1 addition & 1 deletion bbot/scanner/preset/args.py
Expand Up @@ -126,7 +126,7 @@ def preset_from_args(self):
args_preset.core.merge_custom({"modules": {"stdout": {"format": "json"}}})
if self.parsed.brief:
args_preset.core.merge_custom(
{"modules": {"stdout": {"event_fields": ["type", "scope_distance", "data"]}}}
{"modules": {"stdout": {"event_fields": ["type", "scope_description", "data"]}}}
)
if self.parsed.event_types:
args_preset.core.merge_custom({"modules": {"stdout": {"event_types": self.parsed.event_types}}})
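Review bot: With `scope_distance` replaced by `scope_description` in the `--brief` field list, an event tagged `affiliate` prints only the word `affiliate`, so brief output no longer shows how many hops from scope that event is (per the property added in bbot/core/event/base.py). If that loss is intended, a comment above the `merge_custom` call would record it, e.g. `# brief mode prints the one-word scope label instead of the numeric scope_distance`. `preset_from_args` starts and ends outside this hunk, so whether the `--brief` help text still refers to the distance cannot be checked from here.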
