mirror of https://github.com/CIRCL/AIL-framework
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
module
====================

This module sends tagged pastes to MISP or The Hive Project

"""
import os
import sys
import time
# Make the AIL project packages importable for the imports that follow.
# AIL_BIN is read straight from the process environment (KeyError if it is
# unset), so the modules loaded below are only as trustworthy as the
# environment this script is launched with.
sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.exceptions import MISPConnectionError
from lib.objects.Items import Item
from lib import Tag
from exporter.MISPExporter import MISPExporterAutoDaily
from exporter.TheHiveExporter import TheHiveExporterAlertTag
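class MISP_Thehive_Auto_Push(AbstractModule):
    """Push tagged AIL items to MISP and/or TheHive.

    Each incoming message is a tag. When that tag is listed for a platform
    in the auto-push configuration, the current item is handed to the
    matching exporter and the outcome is recorded through
    ``Tag.set_auto_push_status``.
    """

    def __init__(self):
        super(MISP_Thehive_Auto_Push, self).__init__()

        # Load the auto-push tag configuration and remember when we did so,
        # so compute() can tell when it has gone stale.
        self.tags = Tag.refresh_auto_push()
        self.last_refresh = time.time()

        self.misp_exporter = MISPExporterAutoDaily()
        self.the_hive_exporter = TheHiveExporterAlertTag()

        # Send module state to logs
        self.logger.info(f"Module {self.module_name} initialized")

    def compute(self, message):
        """Export the current item to every platform configured for this tag.

        Args:
            message: the tag that was applied to the current item.
        """
        # Reload the tag list when it changed after our last refresh.
        # The previous condition was the chained comparison
        # `last_refresh < refreshed < 0`, which can never hold for a
        # time.time() value, so edits to the auto-push tags (including
        # removing a tag to stop exporting to an external platform) were
        # ignored until the module was restarted.
        if self.last_refresh < Tag.get_last_auto_push_refreshed():
            self.tags = Tag.refresh_auto_push()
            self.last_refresh = time.time()
            # Uses self.logger like the rest of this class; this branch was
            # unreachable before, so self.redis_logger was never exercised.
            self.logger.info('Tags Auto Push refreshed')

        tag = message
        item = self.get_obj()
        item_id = item.get_id()

        # A platform key is only looked up when present in the config
        # (presumably absent when the platform is disabled; verify in Tag).
        if 'misp' in self.tags and tag in self.tags['misp']:
            r = self.misp_exporter.export(item, tag)
            if r == -1:
                Tag.set_auto_push_status('misp', 'ConnectionError')
            else:
                Tag.set_auto_push_status('misp', '')
                # Placeholders are required: extra positional arguments
                # without them make logging fail to format the record.
                self.logger.info('MISP Pushed: %s -> %s', tag, item_id)

        if 'thehive' in self.tags and tag in self.tags['thehive']:
            r = self.the_hive_exporter.export(item, tag)
            if r == -1:
                Tag.set_auto_push_status('thehive', 'ConnectionError')
            elif r == -2:
                Tag.set_auto_push_status('thehive', 'Request Entity Too Large')
            else:
                Tag.set_auto_push_status('thehive', '')
                self.logger.info('thehive Pushed: %s -> %s', tag, item_id)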
if __name__ == "__main__":
    # Script entry point: instantiate the module and call its run().
    MISP_Thehive_Auto_Push().run()