diff --git a/bin/MISP_The_Hive_feeder.py b/bin/MISP_The_Hive_feeder.py index 62053436..b11c44cb 100755 --- a/bin/MISP_The_Hive_feeder.py +++ b/bin/MISP_The_Hive_feeder.py @@ -37,7 +37,7 @@ except: # import The Hive Keys try: - from theHiveKEYS import the_hive_url, the_hive_key + from theHiveKEYS import the_hive_url, the_hive_key, the_hive_verifycert if the_hive_url == '': flag_the_hive = False else: @@ -47,6 +47,7 @@ except: flag_the_hive = False from thehive4py.api import TheHiveApi +import thehive4py.exceptions from thehive4py.models import Alert, AlertArtifact from thehive4py.models import Case, CaseTask, CustomFieldHelper @@ -128,21 +129,40 @@ if __name__ == "__main__": if flag_misp: try: pymisp = PyMISP(misp_url, misp_key, misp_verifycert) - misp_wrapper = ailleakObject.ObjectWrapper(pymisp) - r_serv_db.set('ail:misp', True) - print('Connected to MISP:', misp_url) except: flag_misp = False + r_serv_db.set('ail:misp', False) print('Not connected to MISP') + if flag_misp: + try: + misp_wrapper = ailleakObject.ObjectWrapper(pymisp) + r_serv_db.set('ail:misp', True) + print('Connected to MISP:', misp_url) + except e: + flag_misp = False + r_serv_db.set('ail:misp', False) + print(e) + print('Not connected to MISP') + # create The HIVE connection if flag_the_hive: try: - HiveApi = TheHiveApi(the_hive_url, the_hive_key) + HiveApi = TheHiveApi(the_hive_url, the_hive_key, cert = the_hive_verifycert) r_serv_db.set('ail:thehive', True) - print('Connected to The HIVE:', the_hive_url) except: HiveApi = False + flag_the_hive = False + r_serv_db.set('ail:thehive', False) + print('Not connected to The HIVE') + + if HiveApi != False and flag_the_hive: + try: + HiveApi.get_alert(0) + print('Connected to The HIVE:', the_hive_url) + except thehive4py.exceptions.AlertException: + HiveApi = False + flag_the_hive = False print('Not connected to The HIVE') while True: @@ -155,7 +175,7 @@ if __name__ == "__main__": continue else: - if HiveApi or flag_misp: + if flag_the_hive or flag_misp: tag, path = message.split(';') paste = Paste.Paste(path) source = '/'.join(paste.p_path.split('/')[-6:]) diff --git a/configs/keys/mispKEYS.py b/configs/keys/mispKEYS.py deleted file mode 100644 index 42c534b8..00000000 --- a/configs/keys/mispKEYS.py +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -misp_url = '' -misp_key = '' # The MISP auth key can be found on the MISP web interface under the automation section -misp_verifycert = True diff --git a/configs/keys/theHiveKEYS.py b/configs/keys/theHiveKEYS.py deleted file mode 100644 index 7c77c299..00000000 --- a/configs/keys/theHiveKEYS.py +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -the_hive_url = '' -the_hive_key = '' # The Hive auth key can be found on the The Hive web interface under the User Management -the_hive_verifycert = True diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py index 8c97761e..068bee65 100755 --- a/var/www/Flask_server.py +++ b/var/www/Flask_server.py @@ -147,7 +147,7 @@ for tag in taxonomies.get('infoleak').machinetags(): if tag.split('=')[0][:] == 'infoleak:automatic-detection': r_serv_db.sadd('list_export_tags', tag) -r_serv_db.sadd('list_export_tags', 'submitted') +r_serv_db.sadd('list_export_tags', 'infoleak:submission="manual"') # ============ MAIN ============ if __name__ == "__main__":