Checking for MISP existence
parent
67f9c52def
commit
0aaed66540
|
@ -71,6 +71,7 @@ else:
|
||||||
"collections": misp_collections
|
"collections": misp_collections
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
MISP = ''
|
||||||
try:
|
try:
|
||||||
MISP = pymisp.PyMISP(
|
MISP = pymisp.PyMISP(
|
||||||
CONFIG["misp"]["url"],
|
CONFIG["misp"]["url"],
|
||||||
|
@ -126,6 +127,8 @@ def post_stix(manager, content_block, collection_ids, service_id):
|
||||||
):
|
):
|
||||||
for attrib in values:
|
for attrib in values:
|
||||||
log.info("Checking for existence of %s", attrib)
|
log.info("Checking for existence of %s", attrib)
|
||||||
|
search = ''
|
||||||
|
if MISP:
|
||||||
search = MISP.search("attributes", values=str(attrib))
|
search = MISP.search("attributes", values=str(attrib))
|
||||||
if 'response' in search:
|
if 'response' in search:
|
||||||
if search["response"]["Attribute"] != []:
|
if search["response"]["Attribute"] != []:
|
||||||
|
@ -151,15 +154,18 @@ def post_stix(manager, content_block, collection_ids, service_id):
|
||||||
# But I don't wanna read docs
|
# But I don't wanna read docs
|
||||||
if (len(package.attributes) > 0):
|
if (len(package.attributes) > 0):
|
||||||
log.info("Uploading event to MISP with attributes %s", [x.value for x in package.attributes])
|
log.info("Uploading event to MISP with attributes %s", [x.value for x in package.attributes])
|
||||||
|
event = ''
|
||||||
try:
|
try:
|
||||||
|
if MISP:
|
||||||
event = MISP.add_event(package)
|
event = MISP.add_event(package)
|
||||||
except ConnectionError:
|
except ConnectionError, NameError:
|
||||||
log.error("Cannot push to MISP; please ensure that MISP is up and running at {}. Skipping MISP upload.".format(CONFIG['misp']['url']))
|
log.error("Cannot push to MISP; please ensure that MISP is up and running at {}. Skipping MISP upload.".format(CONFIG['misp']['url']))
|
||||||
if (
|
if (
|
||||||
CONFIG["misp"]["publish"] == True or
|
CONFIG["misp"]["publish"] == True or
|
||||||
CONFIG["misp"]["publish"] == "True"
|
CONFIG["misp"]["publish"] == "True"
|
||||||
):
|
):
|
||||||
log.info("Publishing event to MISP with ID {}".format(event.get('uuid')))
|
log.info("Publishing event to MISP with ID {}".format(event.get('uuid')))
|
||||||
|
if MISP:
|
||||||
MISP.publish(event)
|
MISP.publish(event)
|
||||||
else:
|
else:
|
||||||
log.info("Skipping MISP event publishing")
|
log.info("Skipping MISP event publishing")
|
||||||
|
|
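Review bot: The new handler `except ConnectionError, NameError:` in the third hunk does not catch two exception types: in Python 2 this form means `except ConnectionError as NameError`, so NameError is never caught and the builtin name is rebound, and most Python 3 releases reject the line as a syntax error; it should read `except (ConnectionError, NameError):`. With `event = ''` as the fallback, the later `log.info("Publishing event to MISP with ID {}".format(event.get('uuid')))` appears to sit before the added `if MISP:` guard (indentation is lost on this page), so when MISP is unavailable and publishing is enabled it would raise AttributeError on the string; using `None` as the sentinel for `MISP` and `event` and guarding the whole publish branch with `if MISP and event:` avoids that. When `MISP` is falsy the upload is now skipped without any log line, so received indicators are dropped silently; a `log.warning` on that path would make the gap visible to operators. `post_stix` begins and ends outside these hunks.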