MISP-Taxii-Server/scripts/push_published_to_taxii.py

import os
import zmq
import sys
import json
import pymisp
import warnings
from pyaml import yaml
from cabby import create_client
from misp_stix_converter.converters import lint_roller
import logging

# Set up logger
logging.basicConfig(level=logging.INFO, format="'%(asctime)s - %(name)s - %(levelname)s - %(message)s')")
log = logging.getLogger(__name__)

# Try to load in config
if "OPENTAXII_CONFIG" in os.environ:
    config = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r"))
else:
    config = { "domain" : "127.0.0.1:9000" ,
               "zmq"   : { "host" : "127.0.0.1", "port" : 50000 }
             }

# Set up our ZMQ socket to recieve MISP JSON on publish
context = zmq.Context()
socket = context.socket(zmq.SUB)

log.info("Subscribing to tcp://{}:{}".format(
                                    config["zmq"]["host"],
                                    config["zmq"]["port"]
                                    ))

# Connect to the socket
socket.connect("tcp://{}:{}".format(
                                    config["zmq"]["host"],
                                    config["zmq"]["port"]
                                    ))
# Set the option to subscribe
socket.setsockopt_string(zmq.SUBSCRIBE, '')

# Connct to TAXII as well
cli = create_client(discovery_path="{}://{}/services/discovery".format(config.get("protocol", "http"), config["domain"]))
cli.set_auth(username = config["taxii"]["auth"]["username"], 
             password = config["taxii"]["auth"]["password"]
            )
if not config.get("verify_ssl", True):
    cli.verify_ssl = False

while True:
    # Wait for something to come in on the ZMQ socket
    message = socket.recv().decode("utf-8")
    log.info("Recieved a message!")
    topic = message.split(' ', 1)[0]

    if topic != 'misp_json':
      log.info("Ignoring " + topic + "...")
      continue

    # Process the JSON payload
    log.debug("Processing...")
    payload = message[len(topic)+1:]

    # Load the message JSON
    msg = json.loads(payload)

    log.debug(msg)

    # Load it as a misp object for easy conversion to STIX
    ev = pymisp.mispevent.MISPEvent()
    ev.load(msg)

    # Convert to STIX
    pkg = pymisp.tools.stix.make_stix_package(ev)
    
    log.debug("Loaded successfully!")
    
    # Push the package to TAXII
    for version in config.get("stix_versions", ["1.1.1"]):
        # Convert to that version 
        objs = lint_roller.lintRoll(pkg)
        for i in objs:
            # Set the object's version
            if hasattr(i, "version"):
                i.version = version

        # Set the top-level
        pkg.version = version

        try:
            log.info("Using binding %s", "urn:stix.mitre.org:xml:{}".format(version))
            cli.push(content=pkg.to_xml().decode("utf-8"), 
                     content_binding="urn:stix.mitre.org:xml:{}".format(version), 
                     uri="{}://{}/services/inbox".format(config.get("protocol", "http"), 
                                                         config["domain"]),
                     collection_names=config["taxii"].get("collections", ["collection"]))

            log.info("Pushed! (%s)", version)     
            
        except Exception as ex:
            log.fatal("COULD NOT PUSH")
            log.exception(ex)
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`import os`
			`import zmq`
			`import sys`
			`import json`
			`import pymisp`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`import warnings`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`from pyaml import yaml`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`from cabby import create_client`
fix: Allow misp_push to take multiple stix versions 2017-08-18 11:52:42 +02:00			`from misp_stix_converter.converters import lint_roller`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`import logging`
Moved to env-var based system 2016-11-23 13:16:30 +01:00
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Set up logger`
chg: Set default log format to include timestamp Fixes #32 2017-12-27 11:14:36 +01:00			`logging.basicConfig(level=logging.INFO, format="'%(asctime)s - %(name)s - %(levelname)s - %(message)s')")`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`log = logging.getLogger(__name__)`

			`# Try to load in config`
			`if "OPENTAXII_CONFIG" in os.environ:`
			`config = yaml.load(open(os.environ["OPENTAXII_CONFIG"], "r"))`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`else:`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`config = { "domain" : "127.0.0.1:9000" ,`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`"zmq" : { "host" : "127.0.0.1", "port" : 50000 }`
			`}`

2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Set up our ZMQ socket to recieve MISP JSON on publish`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`context = zmq.Context()`
			`socket = context.socket(zmq.SUB)`

2 way comms achieved! 2016-12-28 11:51:43 +01:00			`log.info("Subscribing to tcp://{}:{}".format(`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`config["zmq"]["host"],`
			`config["zmq"]["port"]`
			`))`

2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Connect to the socket`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`socket.connect("tcp://{}:{}".format(`
			`config["zmq"]["host"],`
			`config["zmq"]["port"]`
			`))`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Set the option to subscribe`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`socket.setsockopt_string(zmq.SUBSCRIBE, '')`

2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Connct to TAXII as well`
chg: Use optional https 2017-08-17 17:14:06 +02:00			`cli = create_client(discovery_path="{}://{}/services/discovery".format(config.get("protocol", "http"), config["domain"]))`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`cli.set_auth(username = config["taxii"]["auth"]["username"],`
			`password = config["taxii"]["auth"]["password"]`
			`)`
new: Allow for non-verification of SSL 2017-08-18 11:56:19 +02:00			`if not config.get("verify_ssl", True):`
			`cli.verify_ssl = False`
2 way comms achieved! 2016-12-28 11:51:43 +01:00
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`while True:`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`# Wait for something to come in on the ZMQ socket`
Bring ZeroMQ in line with the use of ZMQ topics in MISP 2.4.75 2017-06-01 16:12:54 +02:00			`message = socket.recv().decode("utf-8")`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`log.info("Recieved a message!")`
Bring ZeroMQ in line with the use of ZMQ topics in MISP 2.4.75 2017-06-01 16:12:54 +02:00			`topic = message.split(' ', 1)[0]`

			`if topic != 'misp_json':`
			`log.info("Ignoring " + topic + "...")`
			`continue`

			`# Process the JSON payload`
2 way comms achieved! 2016-12-28 11:51:43 +01:00			`log.debug("Processing...")`
Bring ZeroMQ in line with the use of ZMQ topics in MISP 2.4.75 2017-06-01 16:12:54 +02:00			`payload = message[len(topic)+1:]`
2 way comms achieved! 2016-12-28 11:51:43 +01:00
			`# Load the message JSON`
Bring ZeroMQ in line with the use of ZMQ topics in MISP 2.4.75 2017-06-01 16:12:54 +02:00			`msg = json.loads(payload)`
2 way comms achieved! 2016-12-28 11:51:43 +01:00
			`log.debug(msg)`

			`# Load it as a misp object for easy conversion to STIX`
Moved to env-var based system 2016-11-23 13:16:30 +01:00			`ev = pymisp.mispevent.MISPEvent()`
			`ev.load(msg)`
2 way comms achieved! 2016-12-28 11:51:43 +01:00
			`# Convert to STIX`
			`pkg = pymisp.tools.stix.make_stix_package(ev)`

			`log.debug("Loaded successfully!")`

			`# Push the package to TAXII`
fix: Allow misp_push to take multiple stix versions 2017-08-18 11:52:42 +02:00			`for version in config.get("stix_versions", ["1.1.1"]):`
			`# Convert to that version`
			`objs = lint_roller.lintRoll(pkg)`
			`for i in objs:`
			`# Set the object's version`
			`if hasattr(i, "version"):`
			`i.version = version`
2 way comms achieved! 2016-12-28 11:51:43 +01:00
fix: Set the top-level package version 2017-08-18 12:13:37 +02:00			`# Set the top-level`
			`pkg.version = version`

fix: Allow misp_push to take multiple stix versions 2017-08-18 11:52:42 +02:00			`try:`
fix: Explicitly state stix binding 2017-08-18 12:06:13 +02:00			`log.info("Using binding %s", "urn:stix.mitre.org:xml:{}".format(version))`
			`cli.push(content=pkg.to_xml().decode("utf-8"),`
			`content_binding="urn:stix.mitre.org:xml:{}".format(version),`
fix: Allow misp_push to take multiple stix versions 2017-08-18 11:52:42 +02:00			`uri="{}://{}/services/inbox".format(config.get("protocol", "http"),`
			`config["domain"]),`
			`collection_names=config["taxii"].get("collections", ["collection"]))`

			`log.info("Pushed! (%s)", version)`

			`except Exception as ex:`
			`log.fatal("COULD NOT PUSH")`
			`log.exception(ex)`