AIL-framework/bin/modules/MISP_Thehive_Auto_Push.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*

"""
module
====================

This module send tagged pastes to MISP or THE HIVE Project

"""
import os
import sys
import time

sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.exceptions import MISPConnectionError
from lib.objects.Items import Item
from lib import Tag
from exporter.MISPExporter import MISPExporterAutoDaily
from exporter.TheHiveExporter import TheHiveExporterAlertTag

class MISP_Thehive_Auto_Push(AbstractModule):
    """MISP_Hive_Feeder module for AIL framework"""

    def __init__(self):
        super(MISP_Thehive_Auto_Push, self).__init__()

        # refresh Tracked Regex
        self.tags = Tag.refresh_auto_push()
        self.last_refresh = time.time()

        self.misp_exporter = MISPExporterAutoDaily()
        self.the_hive_exporter = TheHiveExporterAlertTag()

        # Send module state to logs
        self.logger.info(f"Module {self.module_name} initialized")

    def compute(self, message):
        if self.last_refresh < Tag.get_last_auto_push_refreshed() < 0:
            self.tags = Tag.refresh_auto_push()
            self.last_refresh = time.time()
            self.redis_logger.info('Tags Auto Push refreshed')

        tag = message
        item = self.get_obj()
        item_id = item.get_id()

        # enabled
        if 'misp' in self.tags:
            if tag in self.tags['misp']:
                r = self.misp_exporter.export(item, tag)
                if r == -1:
                    Tag.set_auto_push_status('misp', 'ConnectionError')
                else:
                    Tag.set_auto_push_status('misp', '')
                    self.logger.info('MISP Pushed:', tag, '->', item_id)

        if 'thehive' in self.tags:
            if tag in self.tags['thehive']:
                r = self.the_hive_exporter.export(item, tag)
                if r == -1:
                    Tag.set_auto_push_status('thehive', 'ConnectionError')
                elif r == -2:
                    Tag.set_auto_push_status('thehive', 'Request Entity Too Large')
                else:
                    Tag.set_auto_push_status('thehive', '')
                    self.logger.info('thehive Pushed:', tag, '->', item_id)


if __name__ == "__main__":
    module = MISP_Thehive_Auto_Push()
    module.run()