AIL-framework/bin/modules/MISP_Thehive_Auto_Push.py

77 lines
2.4 KiB
Python
Executable File

#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
module
====================
This module send tagged pastes to MISP or THE HIVE Project
"""
import os
import sys
import time
sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.exceptions import MISPConnectionError
from lib.objects.Items import Item
from lib import Tag
from exporter.MISPExporter import MISPExporterAutoDaily
from exporter.TheHiveExporter import TheHiveExporterAlertTag
class MISP_Thehive_Auto_Push(AbstractModule):
"""MISP_Hive_Feeder module for AIL framework"""
def __init__(self):
super(MISP_Thehive_Auto_Push, self).__init__()
# refresh Tracked Regex
self.tags = Tag.refresh_auto_push()
self.last_refresh = time.time()
self.misp_exporter = MISPExporterAutoDaily()
self.the_hive_exporter = TheHiveExporterAlertTag()
# Send module state to logs
self.logger.info(f"Module {self.module_name} initialized")
def compute(self, message):
if self.last_refresh < Tag.get_last_auto_push_refreshed() < 0:
self.tags = Tag.refresh_auto_push()
self.last_refresh = time.time()
self.redis_logger.info('Tags Auto Push refreshed')
tag = message
item = self.get_obj()
item_id = item.get_id()
# enabled
if 'misp' in self.tags:
if tag in self.tags['misp']:
r = self.misp_exporter.export(item, tag)
if r == -1:
Tag.set_auto_push_status('misp', 'ConnectionError')
else:
Tag.set_auto_push_status('misp', '')
self.logger.info(f'MISP Pushed: {tag} -> {item_id}')
if 'thehive' in self.tags:
if tag in self.tags['thehive']:
r = self.the_hive_exporter.export(item, tag)
if r == -1:
Tag.set_auto_push_status('thehive', 'ConnectionError')
elif r == -2:
Tag.set_auto_push_status('thehive', 'Request Entity Too Large')
else:
Tag.set_auto_push_status('thehive', '')
self.logger.info(f'thehive Pushed: {tag} -> {item_id}')
if __name__ == "__main__":
module = MISP_Thehive_Auto_Push()
module.run()