mirror of https://github.com/CIRCL/AIL-framework
fix hive and misp error
parent
af9db53171
commit
6a89fac309
|
@ -37,7 +37,7 @@ except:
|
||||||
|
|
||||||
# import The Hive Keys
|
# import The Hive Keys
|
||||||
try:
|
try:
|
||||||
from theHiveKEYS import the_hive_url, the_hive_key
|
from theHiveKEYS import the_hive_url, the_hive_key, the_hive_verifycert
|
||||||
if the_hive_url == '':
|
if the_hive_url == '':
|
||||||
flag_the_hive = False
|
flag_the_hive = False
|
||||||
else:
|
else:
|
||||||
|
@ -47,6 +47,7 @@ except:
|
||||||
flag_the_hive = False
|
flag_the_hive = False
|
||||||
|
|
||||||
from thehive4py.api import TheHiveApi
|
from thehive4py.api import TheHiveApi
|
||||||
|
import thehive4py.exceptions
|
||||||
from thehive4py.models import Alert, AlertArtifact
|
from thehive4py.models import Alert, AlertArtifact
|
||||||
from thehive4py.models import Case, CaseTask, CustomFieldHelper
|
from thehive4py.models import Case, CaseTask, CustomFieldHelper
|
||||||
|
|
||||||
|
@ -128,21 +129,40 @@ if __name__ == "__main__":
|
||||||
if flag_misp:
|
if flag_misp:
|
||||||
try:
|
try:
|
||||||
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
|
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
|
||||||
misp_wrapper = ailleakObject.ObjectWrapper(pymisp)
|
|
||||||
r_serv_db.set('ail:misp', True)
|
|
||||||
print('Connected to MISP:', misp_url)
|
|
||||||
except:
|
except:
|
||||||
flag_misp = False
|
flag_misp = False
|
||||||
|
r_serv_db.set('ail:misp', False)
|
||||||
print('Not connected to MISP')
|
print('Not connected to MISP')
|
||||||
|
|
||||||
|
if flag_misp:
|
||||||
|
try:
|
||||||
|
misp_wrapper = ailleakObject.ObjectWrapper(pymisp)
|
||||||
|
r_serv_db.set('ail:misp', True)
|
||||||
|
print('Connected to MISP:', misp_url)
|
||||||
|
except e:
|
||||||
|
flag_misp = False
|
||||||
|
r_serv_db.set('ail:misp', False)
|
||||||
|
print(e)
|
||||||
|
print('Not connected to MISP')
|
||||||
|
|
||||||
# create The HIVE connection
|
# create The HIVE connection
|
||||||
if flag_the_hive:
|
if flag_the_hive:
|
||||||
try:
|
try:
|
||||||
HiveApi = TheHiveApi(the_hive_url, the_hive_key)
|
HiveApi = TheHiveApi(the_hive_url, the_hive_key, cert = the_hive_verifycert)
|
||||||
r_serv_db.set('ail:thehive', True)
|
r_serv_db.set('ail:thehive', True)
|
||||||
print('Connected to The HIVE:', the_hive_url)
|
|
||||||
except:
|
except:
|
||||||
HiveApi = False
|
HiveApi = False
|
||||||
|
flag_the_hive = False
|
||||||
|
r_serv_db.set('ail:thehive', False)
|
||||||
|
print('Not connected to The HIVE')
|
||||||
|
|
||||||
|
if HiveApi != False and flag_the_hive:
|
||||||
|
try:
|
||||||
|
HiveApi.get_alert(0)
|
||||||
|
print('Connected to The HIVE:', the_hive_url)
|
||||||
|
except thehive4py.exceptions.AlertException:
|
||||||
|
HiveApi = False
|
||||||
|
flag_the_hive = False
|
||||||
print('Not connected to The HIVE')
|
print('Not connected to The HIVE')
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
|
@ -155,7 +175,7 @@ if __name__ == "__main__":
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
|
|
||||||
if HiveApi or flag_misp:
|
if flag_the_hive or flag_misp:
|
||||||
tag, path = message.split(';')
|
tag, path = message.split(';')
|
||||||
paste = Paste.Paste(path)
|
paste = Paste.Paste(path)
|
||||||
source = '/'.join(paste.p_path.split('/')[-6:])
|
source = '/'.join(paste.p_path.split('/')[-6:])
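Review bot: The added MISP wrapper block ends in `except e:`, which does not bind the exception; Python evaluates `e` as the class to match, and with no `e` defined in the visible code a failure in `ailleakObject.ObjectWrapper(pymisp)` would raise NameError instead of running the fallback. It should read `except Exception as e:`. In the added The Hive probe, the `except thehive4py.exceptions.AlertException:` branch clears `HiveApi` and `flag_the_hive` but never calls `r_serv_db.set('ail:thehive', False)`, so the key set to True a few lines earlier stays True after a failed `get_alert(0)`. The widened import of `the_hive_verifycert` appears to sit under a bare `except:` (judging by the hunk header), so a keys file that predates this setting would presumably disable The Hive export without saying why; a printed hint naming the missing setting would help. The `__main__` block these hunks belong to starts and ends outside the visible lines.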
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
|
|
||||||
misp_url = ''
|
|
||||||
misp_key = '' # The MISP auth key can be found on the MISP web interface under the automation section
|
|
||||||
misp_verifycert = True
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
|
|
||||||
the_hive_url = ''
|
|
||||||
the_hive_key = '' # The Hive auth key can be found on the The Hive web interface under the User Management
|
|
||||||
the_hive_verifycert = True
|
|
|
@ -147,7 +147,7 @@ for tag in taxonomies.get('infoleak').machinetags():
|
||||||
if tag.split('=')[0][:] == 'infoleak:automatic-detection':
|
if tag.split('=')[0][:] == 'infoleak:automatic-detection':
|
||||||
r_serv_db.sadd('list_export_tags', tag)
|
r_serv_db.sadd('list_export_tags', tag)
|
||||||
|
|
||||||
r_serv_db.sadd('list_export_tags', 'submitted')
|
r_serv_db.sadd('list_export_tags', 'infoleak:submission="manual"')
|
||||||
# ============ MAIN ============
|
# ============ MAIN ============
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
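Review bot: Swapping `'submitted'` for `'infoleak:submission="manual"'` only changes what `sadd` adds, and nothing in the visible lines removes the old `'submitted'` member from `list_export_tags`. A database populated by an earlier run would presumably keep both entries, so exports could still match the retired tag. If that is not intended, add `r_serv_db.srem('list_export_tags', 'submitted')` next to the new `sadd`. The surrounding script continues outside this hunk.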
|
||||||
|
|